Web from £295/mo · Email from £195/mo + seats · EU-sovereign · Cancel any time

Web from £295/mo · Email from £195/mo + seats

See the ladders →
UK Web Marketing Start your build

← Back to portfolio All case studies

Health & clinics · Dental · Case study

DSPT-aware migration off Wix in six weeks

Yorkshire-based independent dental practice — moved off a five-year-old Wix site onto a hand-coded Astro build on Vercel London, with sub-processor disclosure, DSPT-aware copy patterns and a private-treatment enquiry flow that doesn't fight UK GDPR. Maintained tier.

Yorkshire-based independent dental practice (anonymised)
  • Astro 6
  • Vercel London (lhr1)
  • Cloudflare DNS + email routing
  • Resend EU
  • Capsule UK CRM
  • JSON-LD MedicalBusiness schema
0.4s LCP (mobile)
6 weeks Migration time
100/100 Lighthouse
Maintained Tier

A two-surgery NHS-mixed dental practice in West Yorkshire, family-owned since the early 2000s, came to UK Web Marketing with a five-year-old Wix site. The brief was small on the surface — “can we make it faster and stop the cookie banner crashing on Safari” — and large underneath: the practice was about to submit its Data Security and Protection Toolkit (DSPT) annual return, and the website was the part of the surface their data-protection lead couldn’t sign off on. The published case-study client is anonymised at their request; the brief, the work and the outcome are not.

Why this is here and not in /reviews

The /reviews page is for short named testimonials. This page is for the longer-form work-log. Independent dental practices live or die on local trust, and naming them in case studies — even with permission — invites the kind of patient-acquisition cold-outreach that wastes their time and ours. The work speaks for itself; the practice gets quietly better; the case study describes the discipline, not the brand.

The brief, in one paragraph

A working, dated Wix site with the right kind of content but the wrong kind of plumbing. The cookie banner was a third-party widget loading 14 cross-origin scripts. The contact form posted to a US-resident endpoint. The “sub-processors” page didn’t exist because Wix had never asked for one. The DSPT submission window was six weeks away and the practice’s data-protection lead — a part-time DPO shared with two other practices — had flagged the website as a control gap.

What we did, in three steps

  1. Sub-processor audit + EU-sovereign rebuild plan. Documented every third-party script the Wix site was loading, mapped each to a sub-processor row (controller / processor, lawful basis, region, retention). Roughly 60% of them didn’t survive the audit. The replacement spec was Astro on Vercel London (lhr1), Cloudflare for DNS + email routing, Resend EU for the contact form, Capsule UK for the CRM hand-off, nothing US-resident on the client-data path.
  2. Copy patterns that don’t fight UK GDPR. Booking enquiry forms that ask for contact details only, with the clinical detail captured after registration on the practice’s existing clinical software (which is fine — that’s a regulated data controller in its own right). Cookie banner reduced to one PECR-compliant choice (essential vs. measurement), no marketing cookies, no third-party trackers.
  3. DSPT-aware documentation, public. Sub-processor list, lawful-basis table and retention windows published at /compliance on the new site, versioned, public. The DPO can hand the URL to the DSPT reviewer instead of forwarding an internal Word doc.

The outcome, in numbers

  • 0.4s LCP on mobile. The old Wix site sat at 4.1s LCP on a throttled 4G connection. The Astro rebuild — same content, same images, hand-cropped — lands at 0.4s on an iPhone 12 over the same cellular connection.
  • Six-week migration. DNS cut on the morning of week six. The old Wix subscription was cancelled the same week. No content was lost; the practice’s Google Business Profile reviews continued attaching to the new site because the GMB URL update was queued before DNS cut.
  • DSPT submitted on time. The practice’s annual return was filed two weeks after launch with the new /compliance URL referenced as evidence under the appropriate controls.
  • Lighthouse 100/100 on the four core pages. Accessibility, best-practices, SEO, performance — all green, all stable.

Why us

A web agency that has already built a public /compliance page for itself isn’t guessing what one looks like for a clinic. The same sub-processor discipline, the same lawful-basis table, the same retention windows — published on the agency’s own site as a reference implementation. The dental practice’s DPO read our /compliance page on the first call and decided to brief us before the second.

The practice is on the Maintained tier (£495/mo). One substantive piece a month, a quarterly compliance posture review, and a named technical contact on the file the next time the DSPT reviewer asks. WhatsApp me if your practice is in a similar position — DSPT submission window, Wix site, no documented sub-processor list. The first conversation costs nothing.

Other case studies

← All case studies

From £295/mo web · From £195/mo email · Cancel any time

Ready for the web + email infrastructure your practice should already have?

Start your build
See pricing — from £295/mo WhatsApp