Some things, like railings or skirting boards, are boring but necessary. This blog is one of those things; it’s about making sure your website is legally compliant. While perhaps not on the same level of thrill-seeking as white water rafting, you ought to make time to ensure your website complies with UK regulation and recommendations. We suggest you forward this, RT this, or, in expert delegation fashion, simply pass this on to the individual who is responsible, making you look super on top of things in the process. Here are six things you need to look out for to ensure your website is compliant. Let’s begin…

1. Required Company Information.

This is applicable to all business stationery and, by extension, a company’s website, so make sure you list the following on your site:

  1. The company’s place of registration
  2. The company’s registered number
  3. The company’s registered office address.

2. The Web Accessibility and the Disability Discrimination Act.

There are certain things you need to do to make your site accessible and available to all who may need it. As recommended by the W3C (through its Web Accessibility Initiative), UK websites must adhere to Priority A and are recommended to adhere to Priority AA. The final standard is Priority AAA, but this isn’t required by most websites. When your website is being built, remember to make it clear to your developer which standard you’d like to adhere to. Priority A includes the following, but for a full list click the link above:

  1. Ensure that all information conveyed with colour is also available without colour. For example, don’t give any instructions on your website that would be impossible to follow if a visitor were colourblind.
  2. Make sure pages can be read without the stylesheet. The markup needs to be laid out in such a way that, if stylesheets have been turned off, the site is still rendered in a readable order.

3. The Data Protection Act.

The act affects your website in several ways, the most important of which is how you store a user’s data. For example, if at any point you record a customer’s data, even on an enquiry form, you must include a privacy policy on your site that informs visitors how you retain, process, disclose and purge their data. For more information check out the ICO website.

Let’s not forget those cookies either. Virtually every site uses them to improve user experience, amongst other things. It used to be enough to simply reference cookie use in your privacy policy, but no longer; EU law now requires that websites seek consent from visitors in order to make use of cookies. Have a read through the Cookie Law to make sure you’re compliant.

4. E-commerce regulations.

It’s important to make sure you’re familiar with what’s contained in the UK Electronic Commerce Regulations, which can be found in full here. In line with the Consumer Protection (Distance Selling) Regulations, you should include the following information on your site if you sell goods online:

  1. The identity of the supplier, and the address when payment is upfront
  2. A description of the goods or service
  3. The contract price, inclusive of taxes
  4. Delivery cost (if applicable)
  5. Payment and delivery arrangements
  6. Notification of the customer’s right of cancellation
  7. The cost of the means of communication by which the contract is to be concluded (e.g. premium rate phone numbers)
  8. The period for which the terms are available
  9. Minimum duration of the contract, where applicable.

5. Payment methods.

In addition to the E-commerce Directive, if you allow customers to use payment cards to buy goods on your site you need to comply with the Payment Card Industry Data Security Standard (PCI DSS). To do so you need to:

  1. Have a suitable firewall on your server and up-to-date anti-virus software installed.
  2. Ensure system passwords are secure.
  3. If you store credit/debit card details, ensure they are protected; the website must also have a suitable SSL certificate to encrypt data in transit.

Check out the PCI Security Standards Council website for more information.

6. E-mail marketing.

If you want to send marketing emails to customers who have signed up to such a service, you need to ensure that an opt-out or unsubscribe option is offered to them. If you purchase a database of email addresses to send marketing information to, you need to be certain that all of these people have given consent for third parties to obtain and use their addresses for this purpose.

…There, that wasn’t too painful was it?