Part 1 – What you MUST do
Display a valid Cookie Notice
What the law says:
Under EU-wide legislation (the ePrivacy Directive), all websites that are operated within the EU or are aimed at users in the EU are required to comply with what is commonly called the Cookie Law. It requires websites to get consent from visitors before storing or retrieving information on a computer, smartphone or tablet, unless that storage is strictly necessary to provide a service the user has asked for. The intention of the law is to protect online privacy by making people aware of how information about them is collected and used online, and to give them a choice to allow it or not.
Cookie consent comes from the 2009 amendment to the EU ePrivacy Directive, which member states had to write into national law by May 2011. It gave individuals the right to refuse cookies that are not strictly necessary. In the UK this meant an update to the Privacy and Electronic Communications Regulations (PECR), which sit alongside the Data Protection Act 2018 and the UK GDPR to give people specific privacy rights in relation to electronic communications. PECR still applies after the UK left the EU.
What you need to do
According to the UK Information Commissioner's Office (ICO), your website must contain a cookie notice that:
- tells people the cookies are there;
- explains what the cookies are doing and why;
- gives people the ability to refuse non-essential cookies; and
- gets the person's consent before any non-essential cookie is stored on their device.
Cookies that are strictly necessary for a service the user has requested (a session cookie, a shopping basket, a CSRF token, or the record of the consent choice itself) are exempt and may be set without asking. Everything else, including analytics and advertising cookies, must not be set until the user has actively agreed; a banner that only says "by continuing you accept" does not count as consent.
As long as you do this the first time you set cookies, you do not have to repeat it on every visit by the same person. You do, however, have to let people withdraw consent as easily as they gave it, and you should ask again after a reasonable period or when the cookies you use change.
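The behaviour described above, as an added example that is not part of the original page: non-essential cookies are blocked until a recorded choice allows them, "reject all" is recorded too so the banner is not shown on every page, and the stored choice expires so consent is refreshed. The category names, the cookie name `cookie_consent` and the 180-day refresh period are assumptions, not requirements from the page.

```javascript
// Added example: gate non-essential cookies on recorded consent.
// Category names, the cookie name and the refresh period are assumptions.

const CONSENT_COOKIE = "cookie_consent";
const CONSENT_MAX_AGE_DAYS = 180;               // assumed: ask again after this
const CATEGORIES = ["analytics", "marketing"];  // non-essential categories needing consent

// Strictly necessary cookies (session, CSRF token, the consent record itself)
// may be set without consent; everything else is off by default.
const STRICTLY_NECESSARY = new Set(["session", "csrf", CONSENT_COOKIE]);

// Parse a document.cookie-style "a=1; b=2" string into an object.
function parseCookies(cookieHeader) {
  const out = {};
  for (const part of cookieHeader.split(";")) {
    const i = part.indexOf("=");
    if (i < 0) continue;
    out[part.slice(0, i).trim()] = decodeURIComponent(part.slice(i + 1).trim());
  }
  return out;
}

// Read the stored consent. Returns null if absent, malformed, or older than
// CONSENT_MAX_AGE_DAYS, all of which mean "show the banner and ask again".
function readConsent(cookieHeader, now = Date.now()) {
  const raw = parseCookies(cookieHeader)[CONSENT_COOKIE];
  if (!raw) return null;
  let c;
  try { c = JSON.parse(raw); } catch { return null; }
  if (typeof c.at !== "number" || now - c.at > CONSENT_MAX_AGE_DAYS * 86400e3) return null;
  const choices = {};
  for (const cat of CATEGORIES) choices[cat] = c.choices?.[cat] === true; // default: declined
  return { at: c.at, choices };
}

// Decide whether a cookie of the given category may be stored right now.
function mayStore(category, consent) {
  if (STRICTLY_NECESSARY.has(category)) return true;
  if (!CATEGORIES.includes(category)) return false; // unknown category: treat as non-essential
  return consent !== null && consent.choices[category] === true;
}

// Build the Set-Cookie value that records a choice. "Reject all" is recorded
// too, so the visitor is not asked again on the next page.
function consentSetCookie(choices, now = Date.now()) {
  const value = encodeURIComponent(JSON.stringify({ at: now, choices }));
  return `${CONSENT_COOKIE}=${value}; Max-Age=${CONSENT_MAX_AGE_DAYS * 86400}; Path=/; Secure; SameSite=Lax`;
}

// Guarded setter for the rest of the page, e.g. before loading an analytics
// tag. `jar` stands in for document.cookie so the example runs without a DOM.
function setCookieIfAllowed(cookie, category, consent, jar) {
  if (!mayStore(category, consent)) return false;
  jar.push(cookie);
  return true;
}
```

The consent record deliberately lacks HttpOnly because the page script has to read it; it carries Secure and SameSite so it is only sent over HTTPS and not on cross-site requests. Withdrawing consent is the same call with every category set to false.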
Why it matters
Failure to comply leaves you at risk of enforcement action from the ICO, which in exceptional cases may lead to a fine. Such action is not, however, the only risk to your business. Evidence indicates that consumers tend to avoid engaging with websites where they believe their privacy is at risk. There is also a generally low level of trust concerning web tracking by the use of cookies.
Satisfy the GDPR rules
What the law says
The General Data Protection Regulation (GDPR), which has applied since 25 May 2018, was one of the most significant legislative changes affecting online businesses and has many implications for your website. In the UK it continues as the UK GDPR, enforced, like PECR, by the ICO. Put simply, the GDPR governs how a business can collect, store and share personal data.
As well as transforming the rights of individuals, the regulation also has a huge effect on businesses that fail to comply: fines of up to 4% of annual worldwide turnover or 20 million euros (£17.5 million under the UK GDPR), whichever is higher. In addition, there is the risk of adverse publicity having a severe impact on your business. So what does your website have to do in order to comply with the GDPR? Here's a breakdown.
Obtaining data: Ensure methods of obtaining consent are up to date
The first part of GDPR compliance concerns how your business collects personal data, and this includes any information collected through your website or supplied to your website via other sources.
1. Obtain valid user consent
Consent is only one of the lawful bases for processing personal data; where you rely on it, any process your website uses to obtain it must be freely given, specific, informed and an unambiguous indication of the individual's wishes (explicit consent is needed for special category data such as health information). The individual must give consent by a clear affirmative action on their part. It is not acceptable to assume consent has been given, so do not use pre-ticked checkboxes, and do not bundle consent into acceptance of your terms and conditions. You must also be able to show afterwards who consented, when, and to what wording.
2. Provide granular opt-in for sign-ups
You must make sure that any request for a customer to opt in includes a prominently displayed box that the customer has to tick, directly beside clear information explaining what they would be agreeing to and why. In the example of a mailing list, the customer should be able to choose each channel they agree to be contacted by, e.g. email, telephone, SMS, rather than one box covering all of them.
Any customer contact form should also link to your privacy notice at the point where the data is entered, so that the information the GDPR requires is given at the time of collection. Note that asking someone to acknowledge a privacy notice is not the same as consent and should not be presented as such.
3. Provide a Privacy Policy
You must ensure that you have a clear and easily accessible privacy policy page that explains how your organisation collects, stores and shares data. This is usually best linked to site-wide from the footer.
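One way to handle the sign-up form described in steps 1 to 3, as an added example that is not part of the original page: only a box the user actually ticked counts, each channel is recorded separately, a blanket "I agree" field is refused, and the record keeps the notice version, the wording shown and the time, which is what you need to demonstrate consent later. The form field names, the notice version and the record layout are assumptions.

```javascript
// Added example: server-side handling of a sign-up form so that consent is an
// affirmative, granular, evidenced act. Field names and layout are assumptions.

const CHANNELS = ["email", "telephone", "sms"];  // assumed marketing channels
const PRIVACY_NOTICE_VERSION = "2024-11";         // assumed: change when the notice text changes

// HTML forms submit a ticked box as "on" and omit an unticked one entirely.
// Only a literal "on" counts; a missing, empty or defaulted value never does.
function tickedByUser(value) {
  return value === "on";
}

// Build a consent record from a submitted form.
// Returns { ok: true, record } or { ok: false, errors }.
function buildConsentRecord(form, now = new Date()) {
  const errors = [];
  const channels = {};
  for (const ch of CHANNELS) {
    channels[ch] = tickedByUser(form[`consent_${ch}`]);
  }
  // Granular consent: a single catch-all box is refused rather than mapped
  // onto every channel. Declining every channel is a valid submission.
  if (form.consent_all !== undefined) {
    errors.push("blanket consent field is not accepted; use per-channel boxes");
  }
  if (typeof form.email !== "string" || !form.email.includes("@")) {
    errors.push("email address is required");
  }
  if (errors.length) return { ok: false, errors };
  return {
    ok: true,
    record: {
      subject: form.email,
      channels,
      noticeVersion: PRIVACY_NOTICE_VERSION,
      wordingShown: form.consent_wording_id ?? null, // assumed: id of the text shown beside the boxes
      recordedAt: now.toISOString(),
      withdrawnAt: null,
    },
  };
}

// Check a stored record before sending anything on a channel.
function mayContact(record, channel) {
  if (!record || record.withdrawnAt) return false;
  return record.channels[channel] === true;
}

// Withdrawal is as easy as giving consent: one call, every channel off,
// and the original record is kept with the time of withdrawal.
function withdrawConsent(record, now = new Date()) {
  const channels = Object.fromEntries(CHANNELS.map((c) => [c, false]));
  return { ...record, channels, withdrawnAt: now.toISOString() };
}
```

Keep the record alongside the account rather than just a boolean flag: when someone asks what they agreed to, or complains about a message, the notice version and wording id tell you exactly what they saw.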
Storing data: Make sure customer data is safe
As well as regulating how you collect data from customers, the GDPR also sets out strict rules on the measures you must take to protect this data. There is a requirement to take proactive action to prevent data breaches, which includes when data gets lost, stolen, hacked, destroyed, altered, inappropriately accessed or published without permission. In the event of a breach, there are also reporting requirements.
1. Install and configure a TLS (SSL) certificate
Make sure that you have a correctly set up TLS certificate (still commonly called an SSL certificate) on your website and that the site is served over https. The certificate lets browsers verify that they are talking to your server, and the encrypted connection means that third parties on the network cannot read or tamper with the data in transit. Any certificate from a publicly trusted issuer, including free domain-validated ones, gives you that encryption; organisation-validated and extended-validation certificates add vetting of your company's identity, not stronger encryption. Once https works, redirect all plain-http requests to it permanently, send a Strict-Transport-Security header so browsers stop using http, and mark your cookies Secure so they are never sent in the clear. Check the expiry date: an expired certificate produces a browser warning that most visitors will not click through.
Good to know:
In addition to GDPR compliance, https is also important for search and for how your site looks to visitors: Google uses https as a ranking signal, and Chrome and other browsers label plain-http pages as "Not secure".
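An offline check of the transport settings described above, as an added example that is not part of the original page: given a response captured from your site, it reports an http page that does not redirect permanently to https, a missing or short Strict-Transport-Security header, and cookies set without Secure, HttpOnly or SameSite. The response shape `{url, status, headers}` is a constructed stand-in for what a fetch or curl of the site returns, and the one-year HSTS threshold is an assumption.

```javascript
// Added example: audit a captured HTTP response for the transport settings a
// site should show once HTTPS is in place. Response shape and thresholds are
// assumptions; the sample responses in the usage note are constructed.

const MIN_HSTS_SECONDS = 31536000; // assumed: one year, the usual preload minimum

// Case-insensitive header lookup.
function header(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name.toLowerCase());
  return key ? headers[key] : undefined;
}

// Parse "max-age=31536000; includeSubDomains" into seconds, or null if absent.
function hstsMaxAge(value) {
  const m = /max-age\s*=\s*"?(\d+)"?/i.exec(value || "");
  return m ? Number(m[1]) : null;
}

// Audit one response. Returns a list of findings; an empty list means no issues.
function auditTransport(resp) {
  const findings = [];
  const h = resp.headers;

  if (!resp.url.startsWith("https://")) {
    // A plain-http page must do nothing except redirect permanently to https.
    const loc = header(h, "location") || "";
    if (!(resp.status === 301 || resp.status === 308) || !loc.startsWith("https://")) {
      findings.push("http: not permanently redirected to https");
    }
    return findings; // nothing else is meaningful on an http response
  }

  const maxAge = hstsMaxAge(header(h, "strict-transport-security"));
  if (maxAge === null) findings.push("https: missing Strict-Transport-Security");
  else if (maxAge < MIN_HSTS_SECONDS) findings.push(`https: HSTS max-age ${maxAge} is below ${MIN_HSTS_SECONDS}`);

  // Set-Cookie may repeat; accept a single string or an array of them.
  const cookies = [].concat(header(h, "set-cookie") || []);
  for (const c of cookies) {
    const name = c.split("=")[0].trim();
    const attrs = c.toLowerCase();
    if (!/;\s*secure\b/.test(attrs)) findings.push(`cookie ${name}: missing Secure`);
    if (!/;\s*httponly\b/.test(attrs)) findings.push(`cookie ${name}: missing HttpOnly`);
    if (!/;\s*samesite=/.test(attrs)) findings.push(`cookie ${name}: missing SameSite`);
  }
  return findings;
}

// Usage with a constructed response:
// auditTransport({ url: "https://shop.example/", status: 200,
//                  headers: { "strict-transport-security": "max-age=300", "set-cookie": "sid=abc; Path=/" } })
// reports a short HSTS max-age and a session cookie missing all three attributes.
```

Treat a "missing HttpOnly" finding on a cookie that page scripts must read (such as a cookie-consent record) as informational; on a session cookie it is a real problem, because it lets script injected into the page steal the session.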
2. Make sure you have a secure server environment
It is essential that your website server(s) meet minimum security requirements. The GDPR calls this "appropriate technical and organisational measures"; in practice it means a baseline that keeps opportunistic attackers out and limits the damage if one gets in.
Use secure passwords
One of the most fundamental rules is to require strong, unique passwords for every administrative login (hosting control panel, CMS, database), to protect those logins with multi-factor authentication or SSH keys where the service supports it, and to store customers' passwords only as salted hashes, never in a reversible form. Personal data should be encrypted in transit (https) and, where the platform allows, at rest.
Set up a firewall
You should also ensure that you have a firewall in place that only exposes the ports the site needs (normally 80 and 443) and restricts administrative access such as SSH or database connections to known addresses. Keep the operating system, web server and any CMS or plugins patched, since most compromises of small sites come through known, unpatched flaws.
Keep records
Be aware that the GDPR also covers the sharing of data, so maintain a record of processing activities and of every party (hosting provider, agency, analytics vendor) that has access to your server(s) or the data on them, with a written contract in place for each processor, and keep documentation of your security procedures, including how you would detect and report a breach.
Display Website Terms and Conditions in 2024
What the Law Says:
Businesses with any form of online presence must provide users with clear information about who they are and on what terms they deal. Even if your website isn't directly selling goods or services, it must comply with the Electronic Commerce (EC Directive) Regulations 2002, which apply to any online service and require you to make company details and, where you sell, the steps of the contract available to users. The best practice is to house all this information on a well-structured Terms and Conditions page, which serves as the legal agreement between your business and its users.
What You Need to Do:
Setting Up Your Terms and Conditions Page:
- Order Process Explanation: Clearly outline the technical steps involved in making a purchase. This transparency helps users understand what to expect and reduces confusion during transactions.
- Contract Terms and Jurisdiction: State the terms and conditions under which business contracts are formed, including applicable legal jurisdictions. This information should be easily accessible and in a format that users can store and reproduce for future reference.
- Service Provider Information: Provide the full name of the service provider, a valid email address (a contact form isn’t enough), and a geographic address. This ensures users have multiple ways to contact you, enhancing trust and credibility.
- Order Acknowledgment: Offer electronic confirmation of orders and clear instructions on correcting any input errors during the order process. This not only fulfills regulatory requirements but also improves user experience by minimising errors and misunderstandings.
- Company Registration Details: If your business is a registered company, display your registration number and the place of registration. This information enhances transparency and reassures users about your business's legitimacy.
- Membership and Association Details: List membership details, including registration numbers of any trade or professional associations. This can add credibility and denote professional standing within your industry.
Implications of Non-Compliance:
Ignoring these legal obligations can result in significant consequences, such as fines or legal action. Non-compliance might also damage your business’s reputation, leading to a loss of consumer trust. Users are increasingly aware of their rights and expect businesses to operate transparently. Failure to maintain a clear and comprehensive Terms and Conditions page can deter potential customers and negatively impact your brand image.
Benefits of Compliance:
Adhering to these best practices not only keeps you within legal boundaries but also enhances your business's reputation. A detailed Terms and Conditions page can build trust with your audience, fostering customer loyalty and potentially increasing sales. Furthermore, being proactive in compliance can differentiate your business in a competitive marketplace, showcasing your commitment to user rights and ethical business practices.
Technological Advancements:
Tools that track legal changes can help keep your terms current and flag clauses that need review, which reduces the effort of manual updates. Whatever tool you use, someone who understands your business still needs to check the result before it goes live, since a generated clause that does not match how you actually trade is a misleading statement to customers.
By meticulously crafting your Terms and Conditions page, you not only comply with legal standards but also contribute to a transparent, trustworthy online environment. This proactive approach can foster deeper engagement and customer satisfaction, ultimately supporting your business growth in 2024 and beyond.
Display Your Company Name Correctly
What the Law Says:
When it comes to displaying your company name correctly, it's crucial to adhere to several regulations that ensure transparency and legality in business operations. Alongside the Electronic Commerce Regulations, businesses must be mindful of additional regulations governing business names. These rules apply to:
- Individuals who trade under a name that isn't their own.
- Partnerships that operate under names not reflective of the individual partners.
- Companies/Limited Liability Partnerships conforming to broader legal standards.
Both the general laws on business names and the Electronic Commerce (EC Directive) Regulations 2002 require that specific information is accessible on a website. This ensures that consumers know exactly who they are engaging with online, fostering trust and accountability in digital commerce.
What You Need to Do:
If You Are a Company:
For registered companies, there are specific requirements for the information that must be displayed on your website:
- Registration Location: Clearly state the part of the United Kingdom where the company is registered. This information helps consumers understand your legal framework and jurisdiction.
- Registered Number: Include your company’s registered number. This unique identifier adds credibility and allows for easy verification of your company’s legitimacy.
- Office Address: Present the address of your company’s registered office. A physical address provides a point of contact and a layer of trust.
- Company Type: State that you are a limited company if you are one of the companies exempt from using 'limited' in its name, and state that you are a community interest company if you are one that is not a public company.
- Investment Status: If applicable, indicate that the company is an investment company. This transparency is crucial for potential investors and partners.
- VAT Number: If your business is VAT registered, display your VAT registration number, even if your site is not used for e-commerce transactions.
It's important to note that simply having a 'contact us' form is not sufficient. You must also provide an email address and a geographic address to comply with these regulations.
If You Are a Sole Trader or Partnership:
Sole traders and partnerships that aren't registered companies must be equally transparent, particularly when using a business name that isn't simply a reflection of their own names or those of all partners. This requirement extends to both business stationery and your website:
- Proprietor or Partners' Names: Clearly display the full name of the proprietor or all partners involved in the business. This disclosure is essential for clarity on whom customers and suppliers are doing business with.
- Business Contact Address: Provide an address where the business can be contacted and where legal documents can be formally served. This ensures legal accountability and offers a reliable point of communication.
Implications of Non-Compliance:
Failing to adhere to these display requirements can lead to significant legal repercussions. Non-compliance might result in fines, damage to your business reputation, and a loss of consumer trust. Customers are increasingly aware of their digital rights and expect transparency from businesses they engage with online. By neglecting these regulations, you risk alienating your audience and potentially facing legal challenges.
Benefits of Compliance:
Following these best practices not only keeps you within legal boundaries but also enhances your business reputation. Transparency in business operations builds trust with consumers, which can lead to increased customer loyalty and a stronger brand presence. Furthermore, being proactive with compliance can differentiate you in a competitive market, showcasing your commitment to ethical business practices.
Technological Advancements:
Tools, including ones built on AI, can check that the required details are present and consistent across your pages and alert you when something is missing or has changed. They do not remove the need to verify that the registered number, address and VAT number shown are the correct ones for your business, which is a check against Companies House and HMRC records rather than against the page itself.
By following these guidelines, you can ensure that your business is not only compliant but also positioned to build long-lasting relationships with your customers, fostering a trustworthy online environment.
Make sure your advertising and marketing is legal
What the law says
Alongside everything else, it is worth mentioning that if you are selling goods or services, you also have a duty to comply with the various laws in place to protect consumers. This includes The Consumer Protection from Unfair Trading Regulations which outlaws misleading practices such as false or deceptive messages, or leaving out important information.
What you need to do
Check your product descriptions are accurate
Under the Consumer Rights Act 2015 you must provide consumers with goods or services that are as described, fit for purpose and of satisfactory quality. This means that it is vital to review your product descriptions for accuracy, including any photographs, specifications and claims made in search listings or adverts.
Check that your prices are correctly displayed
You must display clear prices and state whether tax or shipping costs are included. All hidden costs must be included in the final price or made clear on any advertising materials. Providing misleading information on the pricing of goods or services is a criminal offence.
Provide written order confirmations
Written confirmation must be provided to the consumer when they buy from you at a distance; the Consumer Contracts Regulations 2013 require it on a durable medium such as email, with the key terms, the price and the cancellation rights. If you run an eCommerce store, make sure that your automatic emails are correctly configured. Check that the system generates and sends the documents for every order (including ones paid through a third-party checkout) and that the content is correct.
You may also find it a good idea to make sure that your terms and conditions page reflects this.
A note for specialist websites
Certain specialist websites such as those in the finance sector, as well as sites that feature gambling, alcohol or adult entertainment are also subject to additional industry-specific regulations. Websites that are primarily intended for use by children are also becoming increasingly scrutinised. If you operate a website that may belong to a regulated sector, it is recommended to seek specialist legal advice in what you must do to comply with the law.
Part 2 – Best Practices: What you SHOULD do
Review your website accessibility
What the law says
Under current laws, only public sector websites are subject to accessibility regulation, as set out under the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018.
It should be noted, however, that all UK businesses remain subject to the Equality Act 2010, which imposes a legal obligation to make reasonable adjustments to accommodate the disabled when needed.
What you should do
At the moment, there is a largely discretionary approach as far as websites are concerned. As a rule, good judgment is encouraged. If you expect your website to serve specific groups of people with identified needs, then providing accessibility features to accommodate such customers would be reasonable.
For example, if you are providing an educational site that is relevant to people with impaired vision, you should consider adding accessibility features such as a high contrast option or the ability to make text larger.
Good to know:
Government monitoring of public sector websites against the 2018 regulations began in 2020. There are currently no announcements of wider plans, but it is reasonable to assume that accessibility requirements may be extended to private businesses in the coming years, and the Web Content Accessibility Guidelines (WCAG) that the public sector regulations reference are the standard you would be measured against.
In the meantime, it is advised that you consider carefully the needs of your expected visitors and do your best to acknowledge any difficulties they may encounter in using your website.
Proper Use of Intellectual Property in 2024
Understanding Intellectual Property Laws:
Intellectual property (IP) laws are fundamental in protecting the ownership rights of trademarks, images, and content displayed on your website. These laws ensure that creators and businesses can safeguard their works, encouraging innovation and creativity in the digital realm. For 2024, it remains crucial to understand that using any content owned by others necessitates explicit permission. Failure to secure proper authorisation can lead to legal disputes, financial penalties, and damage to your business reputation.
Steps to Ensure Compliance:
Licensing and Permissions:
- Licensed Content Usage: Always verify that images, logos, or trademarks featured on your website are correctly licensed. This involves sourcing visual content from reputable stock image sites and adhering to their commercial use licensing agreements. Such diligence helps prevent unauthorised use and potential legal issues.
- Third-Party Content: If your website incorporates images or logos from third-party sources, ensure you have obtained appropriate permissions. Many manufacturers allow their product images and logos to be used by stockists, but it's essential to double-check these agreements. Contact manufacturers directly if necessary to confirm usage rights.
Protecting Your Own Intellectual Property:
- Copyright Notices: Protect your creative works by displaying accurate copyright notices on your website. This step reinforces your ownership and legal rights, providing a basis for action if infringements occur.
- Trademarks: If you have registered trademarks, display them clearly, including the ® symbol, to denote their protected status. Use ® only for marks that are actually registered: in the UK it is an offence to represent an unregistered mark as registered, so use ™ for marks you claim but have not registered. Trademarks are powerful tools in building brand recognition and trust, and their proper display is integral to maintaining your brand's integrity.
Implications of Non-Compliance:
Neglecting IP laws can have severe consequences, including costly legal battles and reputational harm. Unauthorised use of third-party content can result in lawsuits, while failing to protect your IP may limit your ability to contest infringements. Consumers and partners expect businesses to respect IP rights, and any breach can lead to a loss of trust.
Benefits of Adhering to Best Practices:
By rigorously following IP laws, you not only avoid legal pitfalls but also enhance your brand's credibility. Respecting IP rights fosters a positive image, demonstrating your commitment to ethical business practices. This approach can lead to stronger relationships with consumers and partners, ultimately benefiting your business in the competitive digital landscape.
Technological Advancements:
Technological solutions can aid in IP compliance. Reverse image search and automated monitoring services can find copies of your images and text on other sites, and can check that the images on your own site match what your licences cover. These tools reduce the manual effort, though the decision to act on a finding still needs a person who can read the licence.
Final Thoughts:
Navigating the complexities of intellectual property laws requires diligence and an ongoing commitment to best practices. By securing appropriate licenses for content and safeguarding your own IP assets, your business can thrive in 2024's digital marketplace. For personalised assistance or to learn more about how we can support your IP strategy, contact us today.
(Updated November 2024)