Your business has certain requirements it needs to meet to comply with current legislation, or there could be consequences. Below we have put together a list of must-haves and some really-should-haves to make sure your website is on the right side of the law.
The owner of a business website has a legal obligation to keep up to date with the current legislation, which is a difficult challenge with all the changing rules. Ignorance is not an excuse that the governing bodies will accept for not adhering to the rules, so we have been working with a GDPR consultancy and solicitors to make sure that our clients and readers remain up to date. This list will bring you up to date for the start of 2020.
1. Business Identity Transparency
There is certain information about your business that needs to be present on your website. It does not have to appear on every page, but it must be easy for the visitor to find. The Companies Act 2006 (a 700-page document) requires you to disclose the information below, and doing so also helps usability and search engine optimisation.
- Company Name
- Company registered number
- Registered office address
- Place of registration, such as England and Wales
- Your company name, postal address and company email address
- How to contact your business via non-electronic means
- The name of any trade bodies or professional associations that the business is part of, including membership or registration details
2. The GDPR Compliance Part
In May 2019 the new GDPR regulations came into effect and shook old outbound marketing up in a big way. Its purpose was to stop spam, improve the rights of individuals and help them take control of their information. We will be doing a checklist over the next month, but here are the main points that need to be addressed.
- All contact form opt-ins to be set to default "no" or left blank, so users have to actively opt in
- Forms should collect the minimum amount of information, and only be what is required for the task at hand
- Making it easy for users to withdraw their consent or opt out
- Notify the users of which cookies are being used and what they are doing
- Have a data breach process in place in case the worst happens
3. Full Set Of Policies
Every website needs the below documents, either as webpages or as pdfs for visitors to access.
- Cookies Policy - explains to the visitor what cookies you use on your website and how you use them
- Acceptable Use Policy - lays out to the user what they can and cannot do with your website information
- Terms & Conditions - letting potential and existing clients know important information about how they work with your company, very important for ecommerce companies
4. Accessibility
The Equality Act 2010 outlines that websites must be accessible to everyone who needs them. These are the main points to make sure you have ticked to adhere to the rules.
- Get the website to AA level of Web Content Accessibility Guidelines (WCAG 2.1)
- Make sure the site works with screen magnifiers, screen readers and speech recognition tools
- If doing any usability testing, include people with disabilities
- Make sure you have an accessibility statement
5. Consumer Protection
If you are selling online you will need to make sure your business complies with these three bits of legislation: the online and distance selling regulations, the electronic commerce regulations and the Consumer Rights Act.
There is a lot to tick off in this category, but the most important points to address are below.
- The full cost, payment terms, delivery arrangements, and the rights to cancel being clearly displayed to the user before an order is placed
- The contract and receipt are sent after an order has been placed
- That you fulfill the order in a satisfactory manner
- That your goods and services are as described on your site and fit for purpose
6. Copyright
Most websites have copyright and the year at the bottom of the website in the footer. If your website consists of original content then that is inherently copyright protected. This does not stop some businesses from copying your website content and passing it off as their own.
It is down to each business owner to protect their own content, as well as make sure that you respect the copyright belonging to others.
- Only make use of your own images, copyright free images or images that you have the license to use (be careful as editing these can sometimes infringe copyright).
- Monitor other sites to make sure they are not infringing on your copyright
7. Cyber Security
As a business it is your responsibility to make sure that the appropriate steps have been taken to protect against accidental or deliberate data breaches. The ICO (Information Commissioner's Office) have a list of technical security processes that are considered to represent the appropriate steps.
The main points that you should have covered are:
- Having an up to date SSL certificate (Google is now applying warnings to websites that do not have these)
- Making sure your website software is up to date (your Content Management System and any extensions/plug ins)
- Conducting a test for website security vulnerabilities