Meeting your legal requirements

5th June 2019 / by Steve Dye

If you’re running a business website, you need to make sure you’re meeting your legal requirements. Here’s a checklist of the basic information you must provide on your website to stay on the right side of the law.

Let’s start with the big one – GDPR!

Any business doing business online – especially e-commerce sites – will be collecting data from website visitors. Collecting any form of personal data (i.e. ‘information relating to a living person who can be identified’) means that you must comply with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

You must clearly display an easily accessible, clear and concise, plain English Privacy Policy before attempting to collect any personal data.

Your privacy notice or policy must inform the user about these key things:

  • the reasons why you wish to collect this data,
  • the purposes for which the data will be used,
  • how long it will be kept,
  • who (if anyone) it will be shared with

Cookies anyone?

Your Privacy Policy should also include a Cookies Policy. Your business website will almost certainly be utilising cookies. Cookies are small files that get stored on the site visitor’s computer or mobile device. They exist for many different reasons: they can make the site visitor’s experience better, faster and easier; they help systems such as Google’s Analytics provide data to help the webmaster improve the website’s performance; and they can track users’ buying habits and preferences and then target advertising directly at them.

Your Cookie Policy must notify users that your site is using cookies and provide a clear explanation of what these cookies do. Your Cookies Policy must be easily accessible, simple to understand and should be included in the privacy notice displayed on the website.

Consent must be obtained from the site visitor before storing cookies on their devices. That consent must be given by a clear opt-in action, such as clicking an ‘I accept cookies’ button. Furthermore, it must be easy for website users to withdraw consent and disable cookies if they change their mind at any later stage.

Website security

If your business website is collecting or storing personal data you must ensure that it has adequate cybersecurity measures in place to prevent unauthorised access to that data – data breaches.

Examples of security measures that should typically be taken to comply with the GDPR include the following:

  • Use of a firewall and anti-virus software.
  • Updating all website software and passwords regularly.
  • Restricting and monitoring staff access to data and website administrative functions.
  • Implementing HTTPS security encryption on the website, which involves purchasing and installing an SSL certificate.

Information about your business

All business websites must display:

  • The business name
  • Business address, email and phone number
  • The business’ trading name
  • If the business is a limited company then this must be stated.

Different requirements apply depending on the legal status of your business.

Sole Traders

  • Must display their own name if it is different from the business name

Limited Companies

  • Must clearly show the registered name of the company
  • In what part of the UK it was registered
  • The registered address of the business
  • The Company Registration number

If your business is exempt from using the term ‘limited’ in its name the website must clearly state that you are a limited company.

LLP – Limited Liability Partnerships

  • Must clearly show the registered name of the company
  • Where in the UK it was registered
  • The Company Registration number
  • The registered address of the business

Whilst you are making sure that all the necessary information relating to your business is shown on your website, you would also be well advised to add these best practice elements:

A disclaimer. This can help protect the business from claims for loss or damages as a result of someone using the website or relying on the information provided on it.

A copyright notice. A copyright notice states clearly how website content and images and the business logo may be used. This can be useful evidence in the case of a dispute.

Terms of website use. This can include all of your legally required policies and information as highlighted in this blog post and it should also cover other issues such as acceptable and unacceptable use of the website.

Are you VAT registered?

Display the VAT Registration number.

Are you running an e-commerce website?

If you are taking orders online then your customers must be provided with information to help clarify what they need to do when they order goods or services through your website.

Therefore the website must provide:

  • Detail about the actions they need to take to complete the transaction.
  • A way to identify and correct any input errors before they place their order
  • Information about any languages the website can be translated into to complete the transaction.

Also, any button or function that enables the site visitor to place their order on your system must be labelled with wording that clearly indicates that ordering implies an obligation to pay – for example, ‘Order and Pay Now’ and ‘Confirm Your Order and Pay’.

Any business selling goods or services online must also provide consumers with certain pre-contract information and access to a cancellation form.

Furthermore your Ecommerce website must include a link to the Online Dispute Resolution Platform, which is a service provided by the European Commission to help traders resolve disputes with their online customers without going to court. View more information here.

Do you belong to a specific trade body or profession?

If you belong to a professional body or trade association and are publicly listed in a members directory relating to that trade or profession then this must be stated on your website. Check with your trade / professional organisation – they should have guidance on what information you need to provide here.

If you are providing a service via your website that is subject to an authorisation scheme then you must display the details of that regulating authority.

Members of a regulated profession must display details of the professional body or institution with which they are registered. Unless specifically exempt they must also display their professional title and in which country that title was awarded.

Finally – website accessibility

Your business website must take reasonable steps to address the needs of people with disabilities such as visual impairment, learning difficulties or difficulties in using a mouse. This is to ensure that they are not denied access to your website as a result of their disability.

If you would like to discuss any of these recommendations, or if you would like help and advice on how to make your business website more productive and perform better, please contact us. We would be delighted to hear from you.

