The A to Z Guide to Legally Compliant Websites

One of the more intimidating aspects of making your business website run smoothly can be getting the legal side of things right. With all the legal jargon, rules and regulations surrounding compliance on the web, the lay website owner may find the whole experience daunting. Despite the seeming labyrinth of legal parameters, understanding the requirements for a legally compliant website needn’t be as complex as one might imagine.

People often forget that any laws concerning website compliance are geared towards sound business practice and consumer protection, both of which are a good thing! The aim is to promote businesses, ensure consumer confidence and foster all-round protection for the parties involved in the website experience. Businesses have to follow the rules to ensure a lasting online platform and site visitors need the assurance that their rights are protected.



Both UK and EU law require businesses which have an online presence to comply with particular rules to guarantee a legally sound website. Online commerce has seen a massive upshift since the turn of the millennium, and so a number of rules have been put in place to accommodate this increased usage.

Here’s an alphabetical checklist of some of the most important points and laws a business will need to consider in ensuring a legally compliant website:

*Anti Spam: Rules governing anti spam are in place to restrict websites from sending unwanted and uninvited marketing emails to their subscribers. The Privacy and Electronic Communications Regulations 2003 cover anti spam and, to comply with them, businesses must only send marketing emails to those who have consented to their receipt, except where there is a clearly defined customer relationship. Websites must include an ‘opt-out’ or ‘unsubscribe’ instruction on all marketing emails sent. Breaching anti spam laws can mean incurring fines of up to £5000.

*Accessibility: Everyone should have access to a website and the law caters for those with disabilities. Per the Disability Discrimination Act 1995 (now the Equality Act 2010), make sure your website content is user-friendly to the visually impaired and (if you have video and audio material) to those who are hard of hearing. To do otherwise may be considered unlawful disability discrimination.

*Business Information: If your business is a registered company, your website needs to detail all the relevant business information. This includes the business name, place of registration, registered office address and registered number. You should also include details of how customers can contact you should they need to.

*Consumer Protection: If your business sells goods via its website, compliance with the Consumer Contracts Regulation is a must. Your website should include a description of any and all goods, prices (including additional costs e.g. charges for delivery), acceptable payment methods, cancellation/return policies, etc.

*Cookies: Most sites use small files which store information in users’ browsers (“cookies”) which are geared towards customisation. Cookies recognise information between pages or visits, making for a more personalised user experience. But some cookies collect data across websites, creating ‘behavioural profiles’ of users, which can then be used to determine what content or adverts to show users. In light of this, websites must obtain the consent of a user to leave cookies on the visitor’s computer unless the cookie is needed for the website’s operation (e.g. shopping cart cookies). Breaching cookie laws can lead to financial penalties.

*Copyright infringement: Any website that wrongfully copies and uses the property and content of another may be found in breach of provisions laid out in the Copyright, Designs and Patents Act 1988. You must obtain the owner’s consent prior to use.

*Data Protection: Most businesses with an online platform for their customers will be dealing very closely with user information. Data protection remains a highly contentious topic and business websites must adhere to stringent rules. Users have a right to know what personal information is being used and how it is stored and the Data Protection Act 1998 provides them with protection in this regard. You need a data protection notice in place which is clear, easily accessible and simple to understand. The Office of the Information Commissioners should also be notified that your website is collecting data.

*E-Commerce Regulations: These are the European laws regulating any websites which engage in commercial transactions. The Regulations state the information which a website has to provide, including but not limited to:

  • The service provider’s name & email address
  • VAT number
  • Prices

*General Data Protection Regulation: This is relevant to the data protection issues above, but you should know that the law now governing this all over Europe is the General Data Protection Regulation.

*Illegal activity: Any illegal activity that may occur in conjunction with your website needs proper investigating. You must be considered a ‘diligent economic operator’ in the eyes of the law. You shouldn’t turn a blind eye to any illicit goings-on involving your website. Be vigilant of those who can use or modify your website content and of any third parties who have access to it. Any hint of illegal activity should be dealt with accordingly.

*Information Display: Under the E-Commerce Regulations, any information you have to provide must be given in an easily, directly and permanently accessible form or manner.

*Payment: Online payments are now a common feature of E-Commerce websites and with scope for fraud a common concern, websites must have adequate protections in place. Many sites handle payments via a third party provider such as PayPal, in which case both a website owner and the relevant third party are obligated to take reasonable precautions in protecting customers’ financial details.

*Privacy: A privacy policy must be displayed on the website if user data is processed and the policy must inform users what the data is used for. Such a policy must be compliant with the Data Protection Act 1998. Your website’s privacy policy must also explain what cookies will be created and their purpose.

*Terms & Conditions: Terms of use should be clearly visible and accessible on all business websites. Terms of use are covered in the E-Commerce Regulations. These terms must state various details which include:

  • The supplier’s identity and address
  • An accurate description of the service
  • All prices and costs, including taxes
  • Policies concerning deliveries and returns
  • Particulars regarding cancellation

So does your website tick all the boxes?

In light of ever-increasing pressure to promote good website practice, and with cyber threats always a possibility and a call for improved security and privacy, it is no surprise that lawmakers and regulators have enacted such widespread compliance rules! While a number of legal requirements are currently in play, conforming to current legislation does not have to be a frustrating experience if you get the essentials right.

And besides, not to do so could spell big trouble for your business. Any legal rules that you are found to have breached put your business at risk of facing court action and potentially eye-watering fines! As a business, you will want to keep costs down, and incurring litigation proceedings is not only detrimental as far as profits are concerned but is also damaging to your commercial reputation.

Following these rules, you can carry out your business functions in full knowledge that you are fulfilling your legal obligations to your users. Abiding by the law will also help you in establishing long-term customer loyalty, which is key to any business!
