Ensuring your website is legally compliant

Creating a website, or having one built for you, is easy enough today, but keeping that website legally compliant in an ever-changing climate is not. With a growing number of legal requirements having come into force over the past few years, you can easily find yourself on the back foot with the latest regulations or industry directives. So are you compliant?

In this blog post, we’ll look at the mandatory requirements for any website, as well as the additional requirements that apply to particular kinds of site, such as an e-commerce site.

Website Legal Compliance

Company or business information:

*Requirement

At a minimum, every website must list the company name and company number, the address of its registered office, its place of registration and contact details for the company, including an email address and non-electronic contact information. Where applicable, it must also show the business’s VAT number and any trade body or regulator the company belongs to.

EU Cookie Law

*Requirement

A pop-up covering the whole screen is not required, but users must be notified of any cookies the site stores on, or retrieves from, the end user’s PC or device, and of how your business uses those cookies. This notice can be given on a separate cookie policy page or within the site’s privacy policy.

Terms of Use of Website

*Not required, but recommended

Terms and Conditions, also known as Terms of Use, is a page that sets out the rules and guidelines for using your website. Although it is a common feature on many sites, there is no legal requirement to have one, but it is wise to have one to cover yourself for aspects of your site. Unlike terms and conditions, a privacy policy (see below) is required if your site collects personal data. The terms and conditions are strictly separate from the privacy policy and cookie policy, and from the terms governing the sale of goods or services through the website.

Terms of Use of Website Template example:

Notification of Privacy Policy

*Only if applicable

If your website collects any personal data at all about its visitors and customers, the site must have a privacy policy that states what data it collects. This privacy policy page must include details such as the identity of the business, what personal information is collected and how that information is used.

Notification of Privacy Policy Template example:

Electronic Commerce (EC Directive)

*Only if applicable

Every site that carries out e-commerce must publish its terms of business so that a consumer knows what they are agreeing to. This information must include details of the goods or services, the delivery arrangements and charges, details of the supplier and the consumer’s cancellation rights. A consumer must be required to “agree” to these terms before making a purchase; otherwise you will be breaking the law and leaving yourself legally exposed.

A consumer must also receive written confirmation of an order, information on the cancellation or cooling-off period and its requirements, the technical steps needed to complete a transaction, and a technical means of correcting any mistake in an order before completing the purchase.

Email Disclaimer

*Only if applicable

Business correspondence, such as email, should include your organisation’s details and other legal information: your registered company name, a confidentiality notice and an email disclaimer. Regulated organisations must also add a disclaimer naming the body that regulates your industry.

Email Disclaimer Template example:

Website Usage Legal Requirements

Beyond the compliance requirements every website must meet, there are also legal requirements on how a website is used that you should make sure you do not fall foul of.

Data Protection Act 1998

*Requirement

The Data Protection Act 1998 is the law that protects our personal data, whether held on computers or otherwise, and establishes that everyone has the right to have their data protected. Names, addresses, contact numbers, financial information or any other personal data must all be protected equally. As a company, before storing personal information you must first apply to register with the Information Commissioner and, once accepted, nominate a data controller to store and use the personal data, who must then follow the eight principles that make up the Data Protection Act:

  • Personal data should be obtained and processed lawfully.
  • Individuals’ personal data can only be held for necessary and specified lawful purposes.
  • Personal data should be relevant and applicable to the purpose.
  • Personal data should be accurate and up to date.
  • Personal data should not be kept for longer than is required.
  • Data must be processed in a way that preserves the data subject’s right to have it changed.
  • Information must be protected by appropriate security measures against unauthorised access.
  • Personal data cannot be transferred to a country outside the EU unless similar data protection laws are in place there.

Equality Act 2010

*Requirement

Part of the Equality Act 2010 requires your website to be accessible to all and to meet certain design standards that do not exclude any of its users. The guidance falls into two categories: priority 1 and priority 2 suggestions. Priority 1 includes:

  • Providing text alternatives for non-text elements such as pictures or navigation buttons.
  • Sensibly ordered documents for ease of reading.
  • Ensuring all information can still be read in black and white when colour is removed.
  • Clear labelling of the website’s content.
  • Clear boundaries between natural text and other content such as captions.

Although priority 1 suggestions are the more significant, it is recommended that you cater for both lists. Priority 2 suggestions include:

  • Ensuring foreground and background colours contrast sufficiently
  • Using markup rather than images to convey information
  • Implementing header elements
  • Using style sheets
  • Ensuring users know the target location of each link
  • Ensuring navigation is consistent throughout
  • Providing metadata throughout web pages
  • Breaking large blocks of information into smaller blocks

PCI DSS

*Only if applicable

The PCI DSS, the Payment Card Industry Data Security Standard, was set up to help businesses process card payments securely and to reduce card fraud both offline and online. It does this by requiring controls around the transmission, processing and storage of the cardholder data a business or organisation handles. To meet the requirements of the standard and be compliant, an organisation must:

  1. Build and maintain a secure network, with a firewall in place to protect the data on it. Default passwords must never be used.
  2. Protect cardholder data: all data stored on the system must be encrypted, and the transmission of cardholder data and sensitive information must be secured.
  3. Run a vulnerability management programme that looks out for risks; you should also use and keep up to date anti-virus software.
  4. Enforce strong access controls and restrictions at all times: access only the data the business needs, with safeguards against unauthorised access to cardholder data. Each user of the system should also be assigned an individual ID.
  5. Regularly test and monitor the network, including access attempts to resources and cardholder data, and make sure all security systems and processes are working.
  6. Maintain a policy that addresses information security.

Modern Slavery Act Statement

*Only if applicable

The most recent addition to the legal requirements for a business website came in 2015. Known as the Modern Slavery Act, it requires businesses with a turnover of over £36 million a year to publish a statement at the start of each financial year setting out their commitment to understanding modern slavery, the business activities they carry out and the nature of their supply chain, and what due diligence of suppliers is carried out.

Be sure to explore how to be web legal online and the consequences for not complying at Legalo, an online resource for all legal documents.


Michael Tucker

Search and Social Marketer at Silkstream Ltd
Hola! My name is Michael Tucker and I deal with Search and Social Digital Marketing here at Silkstream.