Although we know that business and e-commerce are bound by the law, did you know that all UK websites are bound by UK law too? Even if your website does not technically tread the ground of e-commerce – it still has legal requirements to fulfill. Failure to comply can result in both civil and criminal liability! And the penalties are not only detrimental and embarrassing to your branding but they can be financially costly too. Liability can include injunctions, fines, a criminal record and even imprisonment!
If that wasn’t enough to give you a slight shiver, in reality a vast number of micro-business websites are unknowingly illegal! In case your tummy has already begun to flutter nervously, here is a simple 7-step check-list to assess yours. Go ahead and check. To be legally compliant all UK websites must satisfy 6 conditions – with e-commerce sites satisfying 7.
All websites must display company information
All business stationery must display its company information. Your website and email are no exception! For micro-business owners, this information includes your company name, its principal place of business and contact information. If you have a limited company, this information must incorporate your company number, place of registration, any trade association memberships and any applicable VAT registration numbers too. Do check out the UK governmental website for more information on UK business classification and registration.
For more information on your statutory information requirements, you can check The Companies Act 2006 section 82 on Trading Disclosures and the Company Limited Liability Partnership and Business (Names and Trading Disclosures) Regulations 2015, regulation 25.
Alex Marks | Business & Commercial Lawyer (London)
All websites must conform to the Data Protection Act & GDPR
All websites must conform to the Data Protection Act (and GDPR Regulations from May 2018). This means that all sites must state how any personal data is handled and processed. If your website incorporates a contact form – like most do – you will be legally required to state how you handle the personal data you collect. Personal data includes any information that distinguishes one person from another – either directly or indirectly. It typically refers to who you are, what you do and where you go. Names, addresses (whether electronic or otherwise) and your digital footprint are part of your personal data.
All websites must legally state what personal information is used, how and why, and whether it will get passed on to other organisations. Information must be kept secure, accurate and up to date and companies must acknowledge the right of users to view and correct any information that is held regarding them.
Specifically, the GDPR (General Data Protection Regulation) deals with the handling of the personal data of EU citizens. This is irrespective of whether your company is within the EU or not. If you work with others in the EU, this will apply to you! Check out this cute video on GDPR for more information.
One way to conform to Data Protection is to include a Privacy Policy on your website which outlines how your company handles information. If you’re not certain where to begin check out the Privacy Policy on other websites working in your niche for ideas.
You must have a compliant Privacy Policy under the UK GDPR i.e. the Data Protection Act 2018. And the Information Commissioner’s Office (ICO) says this: (Article 5.2 UK GDPR) Data Must be –
(a) processed lawfully, fairly and in a transparent manner in relation to individuals (‘lawfulness, fairness and transparency’).
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes (‘purpose limitation’);
(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (‘data minimisation’);
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay (‘accuracy’);
(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals (‘storage limitation’);
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures (‘integrity and confidentiality’).”
Alex Marks | Business & Commercial Lawyer (London)
All websites must warn their viewers of their cookies
A cookie is a small text file which gets placed on a visitor’s hard drive when their device accesses your site. Often cookies help to improve the user experience and track behaviour. Note: a cookie cannot read data off the hard drive or even read cookies created by other sites and many are encrypted. In reality they are clever and secure little things. And without fail, most sites will launch cookies.
Even if you built your website with your own fair hands, many web-builder tools and platforms will incorporate and launch cookies behind the scenes. In fact, there’s a 99% chance that your website will launch cookies whether you are aware of it or not. For marketing purposes, you’d actually want it to, since it will enable things like Google Analytics or tracking and re-marketing through the Facebook pixel. And because of this, almost all websites will be legally required under the EU Cookie Directive to warn their viewers. Make certain that your website incorporates a cookie warning too. In WordPress check out its cookie plug-ins which will allow you to incorporate this requirement in only a few clicks!
You need a compliant Cookie Policy and pop up or banner for before people enter your website – The Privacy & Electronic Communications (PECR) 2003, but 2019 amendment.
Alex Marks | Business & Commercial Lawyer (London)
All websites must uphold the Disability Discrimination Act
Did you know that the Disability Discrimination Act applies to websites too? This means that your website content must be accessible to all users. True accessibility is about providing universal access. And although this may include friends who are visually impaired, it does not stop there. With modern technology most screen-readers can navigate through a website with great expertise, but there are a few additional things to consider. Always use a responsive web design which enables the widest access to your site and ensure that your content has a logical flow to it. Add closed captions and transcripts to video and audio content and make certain you describe any significant actions in text form. Add the ALT attribute to all your important website images. This will provide alternate text for a graphic that a screen-reader can then read. And remember ALT text actually boosts your SEO too. It’s a really great aspect of web design to consider anyway and if you’d like to know more do check out the Dynomapper Blogs.
All UK websites must conform to EU Anti-Spam Laws
To conform to EU Anti-Spam Laws, all UK websites must ensure that any email lists generated come from opt-ins or subscriptions. Opt-in and subscribe forms are where email information has been freely and intentionally given. Although building an email list is vitally important, do keep things ethical. There are so many shady techniques out there so be wary! And as a side-note all marketing emails must always include an opt-out/unsubscribe instruction to be legally compliant. Opt-outs are a natural part of business so don’t be afraid to make them accessible.
You also need suitable tick boxes/disclaimers accepting (positive opt in) certain things for your Business Terms and Conditions and future marketing. All of these are necessary and the Information Commissioner’s Office is not only proactive, it also fines. Eventually the ICO will reach out to ask why you haven’t registered as a Data Processor unless you have. [Registration £40 pa - fine minimum £400.] It is going through all companies at the moment. It isn’t a legal requirement but it is a necessary matter to have a Website Use terms set of Conditions posted and we spoke about those.
Alex Marks | Business & Commercial Lawyer (London)
All websites must adhere to Copyright and Intellectual Property Laws
All creators have the legal right to control the way in which their works are used. Created works include branding and trademarks, inventions, designs, art, photography etc. In fact, anything written or produced. So when you import graphics do make certain that they are all commercially re-usable (you have the author’s permission) and that crediting isn’t required. Check out sites like Unsplash, Pexels, Pixabay, StockSnap, Big Stock, PikWizard for downloadable photography (but do check for restrictions!!) and when searching through Google images, do harness the Tools menu to select graphics according to their usage rights. You will need graphics to be labelled as reusable. Often graphic creating packages such as Canva and Design Wizard offer free elements and images – but do not assume it is the case for all packages.
Remember that the laws that protect the work of others will protect your work too. Because of this, every website should have a Disclaimer stipulating how others may use its information. To be safe, it is wise to formally state in your disclaimer that your company does not accept any liability that may arise from others using or downloading information from your site. Check out other websites for ideas and seek legal advice if needed. And if you are not the only author on your site, to avoid the risk of libel be conscious of any derogatory comments or posts that may be incorporated through blog comments or additional authors. Feel free to delete and ban!
E-commerce sites must abide by Consumer Protection and Distance Selling Regulations
Finally, if you have an e-commerce website there are a few additional laws that your site must abide by. Laws here focus on Consumer Protection and Distance Selling Regulations. In this case, your website will need to state information on your terms of business. These are your Terms and Conditions, and will protect your business. Specifically your business terms should state the nature of your products and/or services, any charges and taxes, times and information regarding delivery, cancellation procedures, consumer rights and supplier details if appropriate. Find an e-commerce site that you like and is working in your niche and peruse their T&C’s for ideas.
If you hold, process or pass cardholder information – the Payment Card Industry Data Security Standard will affect your E-Commerce site too. And to enable the secure transfer of funds, you must ensure that your site has SSL certification. This is obtainable through your web-site hosting company and may/may not be included in your hosting costs. If not, there will be a chance to pay an additional amount to gain this. The SSL security encryption is immediately identifiable by looking at your URL and noticing the additional s at the end of http. Sites with https encrypt the traffic between the visitor and the site – sites with only http do not, and are insecure. For more information on SSL certification do check out this fun and informative video.
How to avoid getting caught out
In this day and age when almost anybody can build a site, remember that creating a tangible website is only part of the job. Technology’s true cost will cover much more than just its coding – a website can be legal or illegal. Do check yours. After all, as T. Harv Eker once said “How you do anything, is how you do everything”.
A big thank you to Alex Marks for sharing additional insights and information with me during our conversations, and for indirectly contributing to this post. If anybody reading this requires legal advice concerning their business or website please feel free to contact Alex at https://alexanderbls.com/