As the business owner of a website, you have a legal obligation to keep your website compliant with current legislation.
Website legal requirements change frequently, and ignorance is no excuse for ensuring your business complies with all the legal issues and statutory requirements that govern the content and functionality of your website. I am not a solicitor, but wanted to share from my experience key areas for businesses to focus on. Of course, I recommend you get legal advice for any specific queries you may have.
Here is a checklist of 7 key website legal requirements:
1. The identity of your business
The Companies Act 2006 has the dubious honour of being one of the UK’s longest pieces of legislation, running to more than 700 pages long.
The Act requires you disclose certain information about the identity of your company on your website. This information doesn’t need to be on every page, but it does need to be easily found so it will typically go on your Contact Us page, or About Us page. You will also find placing some of this information on the footer section of your pages will be useful to both users, and for your search engine optimisation:
- Company name
- Company registered number
- Place of registration, such as England and Wales
- Registered office address
- Your company name, postal address and company email address
- How to contact your business via non-electronic means
- Your VAT number, even if the website is not being used for ecommerce transactions
- The name of any trade bodies or professional associations that the business is part of, including membership or registration details.
2. The right of users to grant consent for the use of their data
The GDPR regulations came into effect in May 2018. It is one of the most significant pieces of legislation improving the rights of individuals to understand how their personal data is being processed.
We have written a practical guide to help you make your website GDPR compliant, and the tasks you need to cross off your website compliance checklist include:
- Preferences on your web contact forms set to default to “no” or blank, and users have to actively opt-in
- Making it easy for users to withdraw their consent or opt-out
- Forms should collect a minimum of information, and only the data required for the task at hand
- Notifying users of cookies that are being used to track their behaviour
- And have in place a data breach process in case the worse happens.
3. Your company policies and procedures
There are a number of standard pages for you to include on your website.
- A privacy policy that details what personal information your business collects, and how you use that information
- A cookie disclosure explains how your business uses cookies on your website. This can be part of your privacy policy
- A disclaimer stipulating how users can use the information on your website, and what liability (if any) your business accepts. Again, this can be part of your privacy policy
4. Consumer protection
If your company is selling online, then your business will need to comply with a range of legislation that includes the online and distance selling regulations as well as electronic commerce regulations and the consumer rights act.
This is a complex area, but on your checklist the top level issues you need to consider include:
- The required information before an order is placed, including full costs, payment terms, delivery arrangements, and the rights to cancel
- The required information after an order is placed, including a copy of the contract to purchase
- That you fulfill the order in a satisfactory manner
- That your goods and services are of satisfactory quality, fit for purpose, and as described on your website
5. Accessibility
Your website must accessible to everyone who needs it. If it isn’t, you may be in breach of the Equality Act 2010.
In practice, what this means for your website is:
- meet level AA of the Web Content Accessibility Guidelines (WCAG 2.1) as a minimum
- work on the most commonly used assistive technologies – including screen magnifiers, screen readers and speech recognition tools
- include people with disabilities in user research
- and that you include an accessibility statement on your website
6. Cyber security and protecting personal data
The Information Commissioner’s Office has published a set of technical security processes that are considered to represent appropriate measures under the GDPR.
As a business, your responsibility is to take the necessary steps considered ‘appropriate’ to prevent personal data from being accidentally or deliberately compromised. In other words, it is your responsibility to prevent hacking and cybercrime.
In practice, this includes:
- Implementing an SSL certificate on your website for the encryption of personal data
- Updating your website software regularly, including your website operating system and your content management system
- Testing your website for security vulnerabilities
7. Respecting copyright
You will notice most websites have a “Copyright 2018” statement in the footer. All websites and their content are inherently copyright protected provided they are original works, and adding that text can act as a deterrent from others stealing your content. But businesses of all types could be a victim of copyright infringement by unknowing or unscrupulous businesses who think nothing of copying someone else’s work and passing it off as their own
It is in your business interest that you exert your own right to your copyright and that you respect the copyright belonging to others.
Your copyright checklist includes:
- that you are only making use of licensed or copyright free images
- that you are detecting other sites that could be infringing your copyright
- that you are protecting your own website copyright
This checklist of website legal requirements was produced to help you with your ongoing web improvement. I welcome your comments, questions, and suggestions. Feel free to contact us if you would like to discuss the next step in your web development planning.