Starting a business website means managing many tasks at the same time – content, photos, functionality, branding, and so on – and it’s very easy to forget about the legal requirements, that is, what we are obliged to put on our websites. This post is only a basic guide to the legal requirements for websites in the United Kingdom, and you may be obliged to include additional info, depending on your trade or profession. It’s written from a web designer’s point of view, so it’s a definite standard checklist of what should be put on a website. Business owners are responsible for all specifically required info.
Every website visitor will want to know some basic info about the business or organisation behind it. The required information may vary depending on the legal structure, trade, profession, and the activities carried out online. But in general, a business website must provide:
- The business name
- Trading address
- The email address and phone number
This kind of business must display its VAT registration number. Find out more on the Electronic Commerce (EC Directive) Regulations 2002.
Sole traders must provide the name of the business and the trader’s name (if it differs). It’s good practice to provide an “about” page that clarifies who the business owner is and a “contact” page to make contact easy. You can find out more on the Electronic Commerce (EC Directive) Regulations 2002.
In addition to the info above, limited companies must also provide:
- the company’s registered name, its registration number
- the address of its registered office
- where in the UK it’s registered (England, Northern Ireland, Scotland, etc.)
- if the company is exempt from the use of “limited” in its name, there must be a statement that it is a limited company
You can find out more on the Companies (Trading Disclosure) Regulations 2008.
Limited liability partnerships
Limited liability partnerships must display similar information to the limited companies’ details.
Find full legislation governing requirements on the Limited Liability Partnerships (Application of Companies Act 2006) Regulations 2009.
Most interactions between a website and its user (signing up, placing orders, commenting, etc.) require submitting the user’s personal data, which is strictly protected by law. Any business that stores any users’ personal data must comply with the GDPR (General Data Protection Regulation) and the Data Protection Act 2018. Personal data is all information that identifies a living person. Before collecting personal data, a business website must display a visible and concisely written privacy notice. In practice, it’s usually a pop-up window on every website we visit, so you should already be familiar with the appearance and content of a GDPR-compliant notice. It’s also on my website. You can see a privacy notice template and general guidance about complying with the GDPR on the Information Commissioner’s Office website.
Cookies are small files stored on the website user’s device (computer, smartphone, etc.). They remember data such as the user’s browsing history, preferences, and purchases, and they can be used for different purposes – for example, to improve user experience or to target the right advertisements.
These requirements fall under the Privacy and Electronic Communications (EC Directive) Regulations 2003 and the GDPR. The ICO provides guidance on how to comply with this legislation.
Online orders and e-commerce
When a website enables visitors to buy goods or services through it, it must provide all information that clarifies the process to the customer:
- info about different steps to follow to complete the transaction
- a way to identify and correct input errors
- info about languages the website can be translated to
- the purchase button must be clearly indicated with words such as “Order and Pay Now”
- businesses selling goods must also provide certain pre-contract information and access to a cancellation form. These fall under the Consumer Contracts (Information, Cancellation and Additional Charges) Regulations 2013.
- selling businesses
Cybersecurity measures for business websites fall under the GDPR and the Payment Card Industry Data Security Standard (PCI DSS), which businesses that process payment card details must comply with. Examples of security measures are:
- using a firewall and anti-virus software
- implementing HTTPS encryption with an SSL/TLS certificate on the website
- restricting and monitoring staff access to data
- updating website software and passwords
- find out more on the ICO website
The Equality Act 2010 sets the requirement to provide reasonable allowance for the needs of people with disabilities. Business websites must be accessible to everybody, and access cannot be impaired by disabilities. This guideline made by the World Wide Web Consortium will help you to work out the accessibility measures.
Besides the legal requirements, there are also a couple of things worth including on the business website:
- terms and conditions of the website’s use – legal requirements, website’s policy, etc.
- a copyright notice – most original work is automatically protected by law; however, a notice might be helpful simply as a reminder or in case of a dispute
- a disclaimer – may help to protect the business from claims
I’m a web designer, not a lawyer. I provided all legal requirements and resources I know, but it shouldn’t be considered legal advice.
The information provided here is for general informational purposes only. Treat it as a starting point. The blog post is provided in good faith; however, I don’t give a warranty that the info above is relevant, accurate, or valid for your business. You’re responsible for your own business and I have no liability to you for any loss or damage of any kind incurred as a result of the use of the site.