Your website is a digital extension of your physical business. As you wouldn’t operate your business outside of the remit of the law, there is no reason why the digital side of your business should be any different.

Trading disclosures

In addition to being required to provide company information such as registered office and registered company number on company correspondence, you are also required to provide this information on your website. This needs to be in an easily accessible place, such as at the footer of each page or, on a ‘Terms of Use’ or ‘Legal’ page (see below).

Terms of Use

Every website should have key trading information and disclaimers regarding the accuracy of such detail on your website via a Terms of Use. A Terms of Use document contains provisions dealing with access to, and use of, your website. Having a Terms of Use allows you to rely on such terms to prevent unauthorised access to the website, disclosure by users to third parties of access security information, unauthorised reproduction of material contained on the website and unacceptable user behaviour such as hacking, introducing viruses and uploading illegal or defamatory content.


Under the Equality Act 2010, a website operator is required to make reasonable adjustments to ensure its site can accommodate all users, including those with any disabilities. This does not just mean font size, as where information is displayed through images, animation or multimedia, this may place those with a visual impairment at a disadvantage, and may prevent them from accessing the website. You should discuss requirements with your website designer or developer, particularly around practical measures to adopt to make it easier for the visually impaired to access and view your website.

Collecting data

The collection and use of personal data by businesses in the UK must comply with UK data protection laws. If you collect personal and other data via cookies and/or user submission of data, you should have a Privacy Policy and Cookies Policy in place setting out exactly what information is collected and how it is used. Personal data can be both basic, non-sensitive personal data (such as name, contact and credit card details) for the purpose of supplying goods or services to users of the site, or for contacting users with direct marketing information. Personal information can also be more sophisticated, such as information about users' online behaviour, like IP addresses and web log data; these are typically collected automatically via the use of cookies, hence the need for a Cookies Policy. Cookies Policies and Privacy Policies can be separate documents but if your website is mainly static content they could be amalgamated.

Obtaining consent

Whilst a customer to your website that purchases goods will be consenting to be contacted in relation to those services, are they signing up to your newsletter? If so, have you allowed for this, either by seeking the correct level of consent or being permitted to in accordance with your privacy policy? If not you may be in breach of data protection legislation and marketing codes of practice. It is important that where personal data will be used in circumstances that are not reasonably expected given the nature of such data submission that express consent is sought. For example, buying goods or services online through a trader’s website, it would be unreasonable to assume that such personal data can be passed onto third parties for marketing without express consent from the individual.

Selling items online

If you sell items online, you will need terms and conditions upon which you trade with buyers. You may already have your own set of trading terms and conditions and these can be adapted to your e-commerce solution. If you do not have terms and conditions and you only plan to trade online, you will need terms and conditions detailing provisions relating to price, payment, delivery and the liability of each party if things go wrong.

Dealing with consumers

If you sell to consumers through your website, there is a raft of additional rights that they have in respect of buying goods, services or digital content from you. This includes automatic terms about quality and standard of those goods, services or content (some of which cannot be excluded in any circumstances) but there are also Regulations that give consumers rights to cancel contracts even if there is nothing wrong with the supplied product or service (a cooling off period). In the last 12 months there are also obligations on companies operating websites that sell to consumers to give them additional rights of recourse if a complaint cannot be settled between you

Finding out where your host is

Website operators may have establishments which hold data in a number of countries (particularly if you do not directly host your own website on a server operated at your premises). If so, you will need to ensure that you comply with the data protection laws in each of those jurisdictions. Whilst the position across the EU is fairly similar, outside of the EU there are additional protections that should be sought before agreeing with your website provider to host content on those sites. As the website owner, you are ultimately liable for any loss of personal data to your clients, customers and users. As of 2018, new data protection laws will come into effect which are stricter in both their nature and also the penalties for non-compliance (particularly in respect of cross border transfers).

Interactive services

If you have interactive services on your website which allows users to submit information (which they may be publically viewed by other users), you should have an acceptable use policy to ensure such contributors know what they can and cannot submit to the website. You may then rely on such rules to a) prevent unauthorised reproduction of material; or b) undesirable user behaviour such as uploading illegal or defamatory content. The terms would then allow the website owner to remove the offending material and to suspend, or permanently disable, a user's right to access and/or contribute content to the site.