Latest News


Consent management and GDPR

Andrew Libra | 12 Oct, 2023 | Return|

So, you have had your website designed; you have created engaging informative and well-constructed content. The website is hosted on a secure hosting environment and the website development has gone smoothly – it is on time and on budget! But what have you missed?

Yes, the boring legal compliance stuff which every business needs to have in place for its website launch as well as ongoing development. Below are a six of the key legal compliance elements you will need to have on your website:

  1. The identity of your business
  2. GDPR User Consent & Security
  3. Terms of Use & Privacy Policy
  4. Consumer Protection
  5. Cookie Consent Management
  6. Copyright

1) The Identity of your business


It sounds a little bit obvious, however under the Companies Act 2006 you must disclose various pieces of information about your company on your website. This is designed to distinguish the legitimate businesses out there from the more dubious ones. This is also a safety net for allowing ease of use of contact; after all your website is there to contact customers and prospects and to help sell your products and / or services, so why not make contacting you as easy as possible!

The information does not need to be on every page, so in most cases you will see this either on the main contact page or on one of the legal pages such as Terms & Conditions. But what information should be disclosed:

  1. Company name
  2. Company registered number
  3. Place of registration, such as England and Wales
  4. Registered office address
  5. Your company name, postal address and company email address
  6. How to contact your business via non-electronic means (postal service!)
  7. Your business VAT number, even if the website is not being used for ecommerce transactions

Whilst not a legal compliance, it maybe that your industry requires you to display the name of any trade bodies or professional associations that the business is part of, this could include the membership number and/or registration details.

2) GDPR User Consent & Security


As a business you have already ticked your GDPR boxes and now you need to apply the same methodology to your website; but what is GDPR Compliance?

GDPR compliance means adopting the principle of affirmative consent. This requires a switch from an “opt-out” approach to an “opt in” approach concerning data collection and processing

There are eight rights under GDPR (this is the legal bit):

  1. The Right to Information
  2. The Right of Access
  3. The Right to Rectification
  4. The Right to Erasure
  5. The Right to Restriction of Processing
  6. The Right to Data Portability
  7. The Right to Object
  8. The Right to Avoid Automated Decision-Making

Simply put, whenever you are requesting a user’s information you must ask their permission to do so (gain affirmative consent) and you must give all users the ability to check, change or remove their information from your systems (including your website).

This means that if you have a contact form on your site, you must ask the user their permission to both store their information and contact them. You also need to put on your website Privacy page your procedure for GDPR compliance. Make the process transparent and easy for the users, it not only ticks the GDPR box but also shows your business in a positive light.

3) Terms of Use & Privacy Policy


The most common legal pages on websites are Terms of Use (sometimes Terms & Conditions) and Privacy Policy.

Terms of Use should cover the ownership and copyright of the website’s content. The acceptable and unacceptable use of the website and its content. Registration, password and security procedures.

Privacy Policy should cover what information the website (your business) collects about users and what it will do with that information. Following on from point 2 above, the Privacy Policy page should provide the procedure users can follow to request a copy of their information allowing them their full rights under GDPR.

4) Consumer Protection


If your company website is selling online, then your business will need to comply with a range of legislation that includes the online and distance selling regulations as well as electronic commerce regulations and the consumer rights act.

This is a complex area, but on your checklist the key issues that you need to consider include:

  1. Full disclosure of the required information before an order is placed, this includes full costs, payment terms, delivery arrangements, and the right to cancel.
  2. The required information after an order is placed, this includes a copy of the contract to purchase (order, invoice etc.).
  3. That you fulfil the order in a satisfactory manner in line with your trading terms which are transparent to the customer
  4. That your goods and services are of satisfactory quality, fit for purpose, and as described on your website, after all if they are not you are in the wrong business!

5) Cookie Consent Management


Consent management means giving the users of your website the power to decide for themselves what personal data they share with your business. To empower your end users to make meaningful decisions, you must let people know that your website uses cookies (or other tracking mechanisms) explain what those cookies do, and give users a simple way to accept (in full or in part) or reject them. 

In a nutshell you should:

  1. Assess what Cookies you have on your website (sometimes called a Cookie Audit)
  2. Sort them into categories, e.g., Necessary (Always on), marketing, statistics, third party, behavioural, advertising etc.
  3. Add in descriptions so users can make an informed decision to accept or decline the cookies.
  4. Implement a Cookie Consent widget on your site and styling it so it does not look out of place.

There is a great video from us here on “Is Your Website Cookie Compliant?” which outlines what you should do on your website for a GDPR compliant consent management solution.

6) Copyright


For your own peace of mind and to answer that copyright question of “Do I need to put a copyright statement on my website?” the answer is simply, yes.

A copyright notice should be included on your website whenever it becomes available to the public. Although not mandatory, using a copyright notice costs nothing, and may help to deter infringements.

About the Author

Andrew Libra

Andrew Libra

As MD of BBI Brandboost, Andrew heads up our award winning team of Online Communications & Marketing Specialists, which provides an extensive suite of website development, application development, online marketing, SEO and social media services to local, national and international businesses. Read more...

Shape Shape