One thing business owners rarely consider about their website is whether it is in fact legal.
Your website is often the first point of contact with your customers and suppliers and so getting this right is crucial.
That’s why we have put together this quick checklist with some simple steps you can take to ensure your website is legal.
Tips to Make Sure Your Website Stays on the Right Side of the Law
1. Company Information
We would hope that every website has this information clearly stated. For limited companies and limited liability partnerships, the website needs to display the company’s registered name (not just the trading name), place of registration, registration number and its registered office address. A valid contact email address should also be clearly displayed; a contact form alone is not good enough. If you have all this then great: good start!
Further, under the Electronic Commerce (EC Directive) Regulations 2002 if you are:
- A sole trader? If the business name is different from your own name, then your own name MUST also be provided. This can be done on your ‘About’ or ‘Contact’ pages.
- VAT-Registered? If your business is VAT registered, then the VAT registration number must be displayed on your website.
- A member of a trade or professional body? If your business provides a service that has a supervisory authority or you are a member of a regulated profession, then this must be clearly displayed.
3. Cookie Laws
You must also gain consent from your website users before storing cookies on their devices. Consent must be given by a clear positive action and many websites do this with an ‘accept cookies’ button. It must also be easy for any website users to withdraw consent and disable cookies. These are legal requirements under the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the GDPR.
4. No Pre-Ticked Boxes
The law dictates that users of your website must give express permission to be sent marketing emails. If people have signed up to your mailing list on your website, or have checked a box to say, ‘I would like to receive newsletters’ (or something quirkier) then great news: that counts as consent! GDPR however went one step further, as this box must NOT be pre-ticked. Once you have the permission to email your marketing list, this law requires you to provide a link or instructions on how to unsubscribe from your newsletter emails in EVERY email!
5. Do you have an online shop?
Under the Electronic Commerce (EC Directive) Regulations 2002, if you are selling products on your website, then this throws some more legal issues at you. You must provide information about the different steps needed to complete the transaction, what to do if an error was made and any details on whether your website can be translated into a different language.
Under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013, you must clearly display a link to your terms of purchase, the delivery options, a model cancellation form and the returns/refunds/exchange policy. Not only does this protect your customers, it also protects you. By not having certain pre-contract information accessible, you are breaking the law and leaving yourself legally very exposed.
6. Website Security
Websites that collect or store personal data must have adequate cybersecurity measures in place to prevent unauthorised access to that data. Not only is this a legal requirement under GDPR, it is also required by the Payment Card Industry Data Security Standard (PCI DSS) if your business processes payments.
Examples of security measures that should typically be taken to meet the PCI DSS and to comply with the GDPR include the following:
- Use of a firewall and anti-virus software.
- Updating all website software and passwords regularly.
- Giving access to data and website administrative functions only to staff who absolutely need it.
- Implementing HTTPS encryption on the website, which involves purchasing and installing an SSL certificate.
Consequences of not being legal
Failure to comply with the above can result in fines being imposed. The Information Commissioner’s Office and local Trading Standards offices can bring action against your business and so can the website user if the individual can demonstrate a loss as a result of your website failing to comply.
Don’t copy and paste from other websites. Not only is this an infringement of copyright, but you run the risk of copying content that is not legally compliant or is just complete rubbish. It certainly will not be tailored to your business and if you find yourself involved in a legal dispute, you’re unlikely to be able to rely on it in court.
BEB can assist with making sure your website is legal, drafting your terms and conditions or policies and answering any questions you may have.
www.bebconsultancy.co.uk, 01604 217365