
Legal obligations on your website

Published on: 04/02/2019

Setting up a website for your business can be an exciting time; it’s taking the first step to bring your business into the digital age. But did you know that there are several pieces of information that you are required by law to have on your website?


Company Location and registered information

The business name, address of registration, registration number, registered office address, VAT number and membership of any trade associations must be displayed on the website. This is to comply with UK consumer law, presented in the Companies Act 2006. The information is generally placed in the footer of the website.



Cookies are something that a lot of web users weren’t particularly aware of until, in 2012, it became a legal requirement for websites to allow users the option to opt out of cookies. Cookies are simple text files that are stored locally on your computer and are read by the website from which they were downloaded. They allow the website to store user actions and preferences for a combination of analytics and user experience.

The law is rather vague about what exactly a website needs to inform a user of, beyond the requirement to show users a “clear and comprehensive” account of what you will use the data for. The Information Commissioner’s Office (ICO) recommends that you tell people that you intend to use cookies, with an explanation of what cookies are, and that you get a user’s consent to store them on their computer. The ICO defines consent as an “unambiguous positive action”, such as ticking a box or clicking on a link, rather than an opt-out or assumed acceptance.



Back at the start of 2018, everyone’s inboxes were flooded by companies desperate to keep you on their mailing lists. This was the result of the new General Data Protection Regulation (GDPR) from a European Union directive. GDPR was aimed at improving the legislation around data controllers, those who hold and process data, and data processors, those who work with data, to help protect an individual’s personal information.

GDPR is a large piece of legislation, but there are several checks that can be used to make sure you’re compliant. Principally, the ICO’s checklists can help you to ensure you’re working in line with regulation.

The potential fine for not obeying GDPR is whichever is greater out of 4% of annual revenue or €20 million. Further consequences of disobeying GDPR include a temporary or even permanent restriction on your company processing data and the suspension of data transfers to third countries.


Equality Act

Something readily forgotten when designing a website is the importance of accessibility, and the legal definitions made within the Equality Act 2010. The government sets out guidelines built on the W3C recommendations. W3C, the World Wide Web Consortium, has a comprehensive list of what is needed to reach the required AA rank, as defined by its principles. This includes making your website accessible for common accessibility tools, such as screen magnifiers and screen readers.

In 2012, airline Bmibaby was sued by the Royal National Institute of Blind People. The reason was that the website provided offers which only fully sighted people would be able to access, excluding blind customers from receiving them.



E-commerce sites are subject to elements of broader consumer rights law. Falling under the category of Distance Selling, selling through an e-commerce site is subject to not only all Distance Selling regulation, but many additional requirements for online businesses. Many of these will need to be included on your website. Before an order is placed through your website, you must tell a customer your business name, contact details and address, a description of your goods and services, the price including tax, the methods of payment accepted, and delivery information including costs and estimated delivery time. Specifically for online orders, you have to make it clear that customers are paying for a product; this is most readily done by using a ‘Pay’ button. In terms of payment, the system you use to process payments must comply with the Payment Card Industry Data Security Standard.

When making any legal decisions involving your business, it is always important to check with a professional to ensure that you’re receiving the correct and most relevant advice for your current situation.

