One thing business owners rarely consider with their website is whether that site is in fact legal.

Your website is often the first point of contact with your customers and suppliers and so getting this right is crucial.
That’s why we have put together this quick checklist with some simple steps you can take to ensure your website is legal.

Tips to Make Sure Your Website Stays on the Right Side of the Law

1. Company Information

We would hope that every website would have this information clearly stated. For limited companies and limited liability partnerships, the website needs to display the company’s registered name (not just the trading name), place of registration, registration number and its registered office address. A valid contact email address should also be clearly displayed; a contact form alone is not good enough. If you have all this then great… Good start!
Further, under the Electronic Commerce (EC Directive) Regulations 2002 if you are:

  • A sole trader? If the business name is different from your own name, then your own name MUST also be provided. This can be done on your ‘About’ or ‘Contact’ pages.
  • VAT-Registered? If your business is VAT registered, then the VAT registration number must be displayed on your website.
  • Members of a trade or professional body? If your business provides a service that has a supervisory authority or you are members of a regulated profession, then this must be clearly displayed.

2. Privacy Policy

A privacy policy MUST be displayed on your website if personal data is being processed and it must inform the user what the data is being used for. This is essential to be compliant with the General Data Protection Regulation 2016 (GDPR) and the Data Protection Act 2018.

To put it simply… if you have a contact form on your website where users can ask you questions via your website or sign up to your mailing lists, you need a Privacy Policy. If you have an online shop, you need a Privacy Policy (and T&Cs). You will probably have cookies on your website and collect analytics about your website traffic and therefore you need a Privacy Policy. The Privacy Policy should be accessible on every page, so it is a good idea to place a link in the footer of your website along with your Terms & Conditions and ‘Contact Us’ links.

3. Cookie Laws

There are laws on making sure your users know about your cookie use, providing a clear explanation of what these cookies do. It is sufficient to set out within the Privacy Policy if and how your business uses cookies on the website but make sure it is in there.

You must also gain consent from your website users before storing cookies on their devices. Consent must be given by a clear positive action and many websites do this with an ‘accept cookies’ button. It must also be easy for any website users to withdraw consent and disable cookies. These are legal requirements under the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the GDPR.

4. No Pre-Ticked Boxes

The law dictates that users of your website must give express permission to be sent marketing emails. If people have signed up to your mailing list on your website, or have checked a box to say, ‘I would like to receive newsletters’ (or something quirkier) then great news: that counts as consent! GDPR however went one step further, as this box must NOT be pre-ticked. Once you have the permission to email your marketing list, this law requires you to provide a link or instructions on how to unsubscribe from your newsletter emails in EVERY email!

5. Do you have an online shop?

Under the Electronic Commerce (EC Directive) Regulations 2002, if you are selling products on your website, then this throws some more legal issues at you. You must provide information about the different steps needed to complete the transaction, what to do if an error was made and any details on whether your website can be translated into a different language.

Under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, you must clearly display a link to your terms of purchase, the delivery options, a model cancellation form and the returns/refunds/exchange policy. Not only does it protect your customers, it also protects you. By not having certain pre-contract information accessible, you are breaking the law and legally leaving yourself very exposed.

6. Website Security

Websites that collect or store personal data must have adequate cybersecurity measures in place to prevent unauthorised access to that data. Not only is this a legal requirement under GDPR, it is also required by the Payment Card Industry Data Security Standard (PCI DSS) if your business processes payments.
Examples of security measures that should typically be taken to meet the PCI DSS and to comply with the GDPR include the following:

  • Use of a firewall and anti-virus software.
  • Updating all website software and passwords regularly.
  • Giving access to data and website administrative functions only to staff who absolutely need it.
  • Implementing HTTPS security encryption on the website, which involves purchasing and installing an SSL certificate.

Anything else?

Although not a legal requirement, it is best practice for all websites to display website terms of use, in which you can include copyright information and a disclaimer. This sets out what visitors to your site can and can’t do, such as copy the text and images. You’ll need this as evidence in the event of a dispute.

Consequences of not being legal

Failure to comply with the above can result in fines being imposed. The Information Commissioner’s Office and local Trading Standards offices can bring action against your business and so can the website user if the individual can demonstrate a loss as a result of your website failing to comply.

And lastly:

Don’t copy and paste from other websites. Not only is this an infringement of copyright, but you run the risk of copying content that is not legally compliant or is just complete rubbish. It certainly will not be tailored to your business and if you find yourself involved in a legal dispute, you’re unlikely to be able to rely on it in court.

BEB can assist with making sure your website is legal, drafting your terms and conditions or policies and answering any questions you may have.
www.bebconsultancy.co.uk, info@bebconsultancy.co.uk, 01604 217365