Is Your Website Legal?

11th March, 2012 in Website Policy 31 Comments

Did you know your website must adhere to some legal requirements? I have written a series of blogs on 7 important legal requirements your website and E-Commerce site must adhere to.

  1. Company Information
  2. Web Accessibility and the Disability Discrimination Act
  3. The Data Protection Act
  4. Consumer Protection (Distance Selling) Regulations
  5. Electronic Commerce Regulations (EC Directive)
  6. PCI DSS
  7. The EU Anti Spam Laws
  8. The EU Cookie Directive

Here is a summary of the 8 important requirements.

So What Does My Website Need to Conform?

To ensure your website is legal you must:

All Websites

  • For a registered business, the website needs to display the following Company Information: the Business Name, place of registration, registered number, its registered office address and if it is being wound up.
  • Adhere to Priority 1 of the Web Accessibility Guidelines set out at W3C.
  • If the website collects user data (i.e. via simple enquiry form, or shopping cart), display a Privacy Policy informing the user what the business does with the data and that it conforms to the Data Protection Act. The Privacy Policy needs to explain what cookies the website will create and what they are for.
  • Require user consent to leave cookies on the visitor's machine, unless the cookie is a necessary requirement for the website to function.

E-commerce Sites


Heather Dorso 2nd January, 2012 at 18:06 pm

A privacy policy is of utmost importance. Visitors/customers need to know what you do with their information. Copy pasting another website’s privacy policy is not the way to go. A privacy policy needs to be unique and simple to understand. TRUSTe’s small business offerings provide a simple, reasonable alternative to cutting and pasting a privacy policy. Also, case studies show that TRUSTe seals increase sales and registrations [3-5%]


Andy Williams 26th April, 2013 at 13:41 pm

If a website doesn't comply with the above, who do you complain to? (I've tried complaining to the company concerned, but they've just ignored me.) Where next? Is it the ICO?


Laurence Cope 26th April, 2013 at 14:37 pm

There are various organisations that may be able to help, but it depends on the issue you want to complain about. I would start with the following organisations: (Anti-Spam Laws) (PCI Compliance) and other Ombudsman, but I am unaware of an Ombudsman for websites. (Data Protection, Cookies, Spam) (Disability/Accessibility Issues)

There may be other websites. I don't believe the website industry to be very controlled at the moment. There are no governing bodies or regulators to ensure we all comply to certain standards like other industries. Yes, there are laws, but I do not believe they are upheld much. I wish a regulator was introduced to reduce the number of unprofessional website developers like other industries, which would ensure websites were of greater quality and adhered to the law and standards, but alas, ANYONE can build a website to the poorest quality if they so wish, and I have yet to hear about any legal actions taken against the medium to small business and personal websites, generally the much larger organisations and brands would be the target.

Good luck!


Graham Williams 16th August, 2013 at 8:38 am

I get regular emails that take up my time responding to them.

If I create an information-only website that generates no income and helps to reduce my incoming emails, I will leave an email address. Do I still have to leave an address?


Laurence Cope 16th August, 2013 at 9:54 am

Company websites need to display the information, so if it's not your main company website, just a website providing other information, then it should be fine.

Personally I would want to not lose that traffic to my own site so I would add that info to a blog or FAQ section on my own site to maintain the connection to the business and help with Google rankings.


Late Latino 5th September, 2013 at 1:38 am

Thanks. This info is not available in Spanish


Kevin C 8th March, 2014 at 17:16 pm

What are the specific legal page requirements of a dating site?


Laurence 8th March, 2014 at 20:00 pm

The legal requirements here are general website legal requirements. What we cannot advise on are the specific legal requirements associated with the type of website/business, sorry. Especially as every business may operate differently. You would need the help of a legal/business advisor.


Digonto 21st May, 2014 at 13:34 pm

I want to know, is this a legal way, that I create a privacy policy with an online privacy policy generator?

Please answer me.

Thank you.


Laurence Cope 21st May, 2014 at 17:15 pm

A privacy policy needs to describe what your policy is about privacy, what you do with customer data etc. If you use an online generator to generate one, and this accurately represents your policy on privacy, and the generator does not use other people's content, but has created the content themselves, and they clearly give you the right to use their content, then it sounds fine to use it by me.


Paul watchorn 30th June, 2014 at 9:35 am

Hi, I have been trying to find out what information I am legally bound to include on my web site.

I don’t have a limited company. I am self employed and advertise via my web site.

I am interested to know my exact legal position in terms of what I need to include.

Many thanks



Laurence Cope 2nd July, 2014 at 13:48 pm

Hi Paul. I would suggest following all the guidelines I list above, but there is no need to implement any specific to companies, like including company number (because you won't have one).


Natalie 21st October, 2014 at 17:02 pm

Hi Laurence,

I'm looking for information on the legal requirements for our charity website. Am I correct in assuming we do not need a privacy policy online if we do not have online data collection forms of any sort? If people sign up to our newsletter, for instance, via email or offline channels the data protection can be handled externally from the website? Are there any other considerations for a privacy policy?

Many thanks


Laurence 23rd October, 2014 at 21:12 pm

Hi Natalie

A privacy policy should be shown on the site if you collect any form of data from a visitor to the site. If you have a newsletter sign up form on there, you, the charity, are still collecting the user's details no matter what external system is used. You should have a policy to let the users know what you do with that data. Even if you do not collect any information, you still may be without realising, e.g. you may have statistics on the site (Google Analytics) or the website may have cookies, so I would recommend you have a policy to state what you do with the data, which may just be "nothing" but at least you make that clear! It's better to have one that's not needed than not have one that may be needed.


sandra 18th November, 2014 at 12:07 pm

As a registered company we purely display our products on our web site and they can only be purchased from dealers, not through us. We use no cookies and no in-built forms; a contact us form on the web site kick-starts the user's own email to auto-address the email to the selected member of the Sales team. No data is collected, nor cookies added. Do we only require our full company details & address to be shown? What about any other details?


Laurence Cope 18th November, 2014 at 18:20 pm

Firstly we are not lawyers but web developers speaking with experience, these are my opinions.

Your company is still receiving emails from the person emailing you, so I would say it's best to have a privacy policy stating what you do (or not) with that information, otherwise who's to know you are not selling their contact information to third parties. Your site is not an eCommerce site so no need to comply with eCommerce regulations. Even if you do not leave cookies I would have a page that says this so visitors know it's cookie free. Company Information needs to be added as you are a registered business. Web accessibility guidelines are a legal requirement regardless.

I will say, the above is not enforced much (if at all!) so as your site is quite basic and as you say not using cookies or taking payment, then I would not panic if it does not conform... I would be more concerned if it was an eCommerce site and you did not conform. But nevertheless, it's still good practice to have company information and a privacy and cookie policy.


Eva 26th January, 2015 at 17:02 pm

How do I "get" a Privacy Policy for my website? From what I understand it must be personalised. Are there templates or anything? Surely I'm not the only one who needs to have this ...


Laurence Cope 26th January, 2015 at 18:47 pm

Hi Eva. No, you are not the only one. You either write one yourself, use a template from somewhere (which may need customising) or pay someone else to do it. Have a look at ours, it's straightforward. Feel free to use it as a basis for your own.


Mr V Chat 31st May, 2015 at 15:34 pm

Hi, I recently used a web site to buy an item. On their web site in the contacts section it gave out a false Limited Business name and was using a Mail Forwarding Service in the USA. Through my bank I was able to locate the business in question to an address here in the United Kingdom. The business name here in the UK was a Limited company but a different business name and obviously address. Is it illegal for a business person to basically use a false non-existent business name, including pretending it's a Limited company, also using a Mail Forwarding Service in the USA targeting the British market?

Basically someone has gone to all the trouble of setting up a non-existent company in the USA and also uses a Mail Forwarding Service in the USA to target the United Kingdom market. The person/company that has done this is actually based in the UK.

Needless to say I was scammed but managed to get vital information from my bank and found out where the money went to here in the UK.

Is it illegal to do this?


Mr V Chat 31st May, 2015 at 15:48 pm

Forgot to also ask: I wrote to this same company requesting their Data Protection Registration number on 18th May 2015 and sent it recorded delivery. They received it the next day as I checked with Track & Trace. They have not replied to that request. I have since e-mailed twice letting them know I have not received their Data Protection Registration Number to date and requested they send it by e-mail just in case it has been mislaid in the post.

Can you tell me how long they have to respond to that request and what I should do if they do not comply?

I thank you in advance for your time and assistance on this matter.


Laurence Cope 4th June, 2015 at 10:29 am

Hi Mr V Chat. Sorry to hear about your issues, hope you get it all sorted. Specific legal issues like this are out of our remit I'm sorry. We are not legal professionals but a web development company, so I can only recommend what legal requirements your website should have! Perhaps you could contact one of the companies I list in my 3rd comment above or Trading Standards, and they should be able to advise.


Mr V Chat 4th June, 2015 at 12:19 pm

Hi Laurence Cope

Thank you, Trading Standards have now instructed me to contact a fraud link. Just in case you were wondering, it's regarding one of those EHIC copy cat web sites, or should I say scam. Luckily we have exposed their weak link in how the scam is executed which shows, what we believe to be criminality in this case. Thank you.


Mark Laurie 19th October, 2016 at 9:55 am

Hi Laurence,
Is it a legal requirement for a partnership or sole trader to display their trading address on their website?


Andy King 1st June, 2017 at 17:23 pm

Hi Laurence,

This blog seems to be a really straightforward, useful resource - thank you for it. Obviously some changes coming with GDPR, but other than that, are you keeping the content here up to date?


Web design consultants 20th December, 2017 at 7:28 am

Hey! Your blog has great information and this helps me to know whether my website is legal or not and what things I need to confirm. Thanks for sharing this.


Andy 24th January, 2018 at 13:47 pm

Hi thanks for all the great info. Is it all still current? I see the post was created back in 2012.


Darren 23rd January, 2019 at 17:09 pm

Does a website have to clearly display where its Privacy Policy can be found?



Laurence Cope 25th January, 2019 at 10:02 am

Due to GDPR, then yes you need to display the privacy policy as this will be where your GDPR policy is documented. You certainly need it where you collect user information, so like before they submit data to you. Some people may need to access your policy without going to a form and therefore you should add a link to it on the site somewhere. The usual place is in a footer link on every page, alongside your other legal pages like T&Cs (if applicable), Disclaimer, Copyright, Cookie Policy etc.

What we have started to do now is have one "Legal Policies" page and then put them all on there, usually in tabs, as it makes it easier than creating all these separate pages and links, and reduces footer menu links.


Laurence Cope 25th January, 2019 at 10:05 am

And about this post being up to date.... everything above should still stand, except I notice we have not added info about GDPR, so we really should! It's tricky managing one's own website when you're focused on getting your customers' websites right!


Joseph Donahue 30th July, 2021 at 16:12 pm

Interesting article. It’s refreshing to hear some criticism of responsive design. However, I think having the ability for a website to adapt to the device is very important. Mobile users probably won’t be sitting comfortably at their desk. They might be in the middle of walking down a street or riding a bus on the way to work. They might not even have both hands free, in which case precision zooming becomes difficult. Some more points: Usability – I agree with Tristan, the user doesn’t necessarily expect the website to reflect the “desktop layout”. In fact, usability expert Jakob Nielsen recommended in a recent newsletter that designers should build a separate mobile-optimized version. While this seems quite extreme, responsive layouts offer a lot of the same benefits for a lot less effort. ROI – Obviously you should be using analytics software to track the percentage of mobile users and gauge the ROI from developing a responsive layout. However, mobile browsing is expected to overtake desktop browsing within a few years so future-proofing your site is something worth considering. Load Time Benefit – True, there usually isn’t a load time benefit. However, there are developers working on this (e.g. Responsive Images Community Group). Since a traditional desktop layout doesn’t reduce the load time benefit either, this isn’t really a good reason not to use responsive design. Cost – Yes, it does take longer and costs more. You do need to be able justify the extra work. Having said that, there are a lot of templates and frameworks out there that are responsive. Using these can dramatically speed up development time and give you the benefits of responsive design with little extra cost. Responsive layouts aren’t without their problems (they still suck at displaying tables) but I think they’re a step forward in the evolution of web design. Joseph Donahue
