So, you have had your website designed; you have created engaging, informative and well-constructed content. The website is hosted in a secure hosting environment and the website development has gone smoothly – it is on time and on budget! But what have you missed?
Yes, the boring legal compliance stuff which every business needs to have in place for its website launch as well as ongoing development. Below are six of the key legal compliance elements you will need to have on your website:
- The identity of your business
- GDPR User Consent & Security
- Consumer Protection
- Cookie Consent Management
1) The Identity of your business
It sounds a little obvious; however, under the Companies Act 2006 you must disclose various pieces of information about your company on your website. This is designed to distinguish the legitimate businesses out there from the more dubious ones. It is also a safety net that makes contact easy; after all, your website is there to reach customers and prospects and to help sell your products and/or services, so why not make contacting you as easy as possible!
The information does not need to be on every page, so in most cases you will see it either on the main contact page or on one of the legal pages such as Terms & Conditions. But what information should be disclosed?
- Company name
- Company registered number
- Place of registration, such as England and Wales
- Registered office address
- Your company name, postal address and company email address
- How to contact your business via non-electronic means (postal service!)
- Your business VAT number, even if the website is not being used for ecommerce transactions
Whilst not a legal compliance requirement, it may be that your industry requires you to display the name of any trade bodies or professional associations that the business is part of; this could include the membership number and/or registration details.
2) GDPR User Consent & Security
As a business you have already ticked your GDPR boxes and now you need to apply the same methodology to your website; but what is GDPR Compliance?
GDPR compliance means adopting the principle of affirmative consent. This requires a switch from an “opt-out” approach to an “opt-in” approach concerning data collection and processing.
There are eight rights under GDPR (this is the legal bit):
- The Right to Information
- The Right of Access
- The Right to Rectification
- The Right to Erasure
- The Right to Restriction of Processing
- The Right to Data Portability
- The Right to Object
- The Right to Avoid Automated Decision-Making
Simply put, whenever you are requesting a user’s information you must ask their permission to do so (gain affirmative consent) and you must give all users the ability to check, change or remove their information from your systems (including your website).
This means that if you have a contact form on your site, you must ask the user for permission both to store their information and to contact them. You also need to set out your procedure for GDPR compliance on your website's Privacy page. Make the process transparent and easy for users; it not only ticks the GDPR box but also shows your business in a positive light.
4) Consumer Protection
If your company website is selling online, then your business will need to comply with a range of legislation that includes the online and distance selling regulations as well as the electronic commerce regulations and the Consumer Rights Act.
This is a complex area, but on your checklist the key issues that you need to consider include:
- Full disclosure of the required information before an order is placed; this includes full costs, payment terms, delivery arrangements, and the right to cancel.
- The required information after an order is placed; this includes a copy of the contract to purchase (order, invoice etc.).
- That you fulfil the order in a satisfactory manner in line with your trading terms, which are transparent to the customer.
- That your goods and services are of satisfactory quality, fit for purpose, and as described on your website; after all, if they are not, you are in the wrong business!
5) Cookie Consent Management
In a nutshell you should:
- Assess what Cookies you have on your website (sometimes called a Cookie Audit)
- Sort them into categories, e.g., Necessary (Always on), marketing, statistics, third party, behavioural, advertising etc.
- Add in descriptions so users can make an informed decision to accept or decline the cookies.
- Implement a Cookie Consent widget on your site and style it so it does not look out of place.
There is a great video from us here on “Is Your Website Cookie Compliant?” which outlines what you should do on your website for a GDPR compliant consent management solution.
For your own peace of mind, and to answer that copyright question of “Do I need to put a copyright statement on my website?”, the answer is, simply, yes.
A copyright notice should be included on your website whenever it becomes available to the public. Although not mandatory, using a copyright notice costs nothing, and may help to deter infringements.