What are the legal requirements for an e-commerce business?

Although your legal obligations are much the same as a traditional brick-and-mortar retailer, there are additional areas that you need to consider when trading online. This includes online payment security standards, policies for your website, accessibility and more.

1. Electronic Commerce Regulations
These regulations relate to information that you should clearly provide on your website if you’re selling online, including:

  • Your business name (and trading name if you have one)
  • Your address (and registered address if this is different)
  • Contact email address
  • Company registration number
  • Any Trade or Professional Association memberships
  • Your VAT number if you’re VAT registered
Typically, this information features in your website footer.

2. Terms and conditions
As an online retailer, it’s important to have terms and conditions in place as an online contract to reduce your legal risk. Make sure this is tailored to your business, for example Business-to-Business (B2B) or Business-to-Consumer (B2C).

3. Online selling rules
There are extra steps that you must take when selling online to Consumers. A Consumer is an individual acting for purposes wholly or mainly outside of a business, and their statutory rights cannot be taken away or altered.

Before the sale, this includes:

  • Making it clear to Consumers they have to pay when ordering
  • Clearly displaying delivery options and costs
  • Giving an accurate description of your goods or services
  • Informing customers of their right to cancel (for goods, up to 14 days from receipt of the goods; for services, up to 14 days from the date the contract is entered into). There are limited circumstances in which there is no right to cancel, for example bespoke or perishable goods

After the sale, this includes:

  • Confirming the contract and associated terms, including the right to cancel, with an order confirmation email
  • Delivering the goods within 30 days, unless agreed otherwise

4. Consumer Rights Act
The Consumer Rights Act outlines what rights a Consumer has and what your obligations are as a goods or services provider in the event of a dispute. For example, when you’re putting together your product descriptions, you should make sure they’re accurate to avoid misleading customers under the terms of the Consumer Rights Act.

If you are selling business to business, then the Sale of Goods Act 1979 (as amended) applies, unless your terms and conditions alter or amend this.

5. Is your online shop accessible?
By law, you must make reasonable adjustments to ensure your website is suitable for all, including disabled users. The Web Content Accessibility Guidelines are an international standard for ensuring that websites are accessible for all.

If you’ve chosen to set up your own e-commerce website rather than sell through an online marketplace, you’ll want to make sure that it’s designed with accessibility in mind.

Data Protection
If a user is registering for an account on your website, purchasing a product, or receiving your marketing emails, you need to ensure that you are handling this data correctly in compliance with data protection laws.

6. UK GDPR
The Data Protection Act 1998 has been replaced by the Data Protection Act 2018, which incorporates the General Data Protection Regulation (GDPR). GDPR is an EU regulation that no longer applies directly to the UK; however, its provisions have been incorporated into UK law as the UK GDPR. The regulation applies to any business that processes personal data.


7. Privacy and Electronic Communications Regulations (PECR)
Whether you’re sending out email newsletters with your latest offer or calling prospective clients, you need to ensure you’re staying on the right side of the law. In addition to UK GDPR, the Privacy and Electronic Communications Regulations (PECR) give individuals privacy rights linked to electronic methods of communication, including email marketing and cookies. The regulations apply to both B2B and B2C marketing. The ICO provides an overview of the basics of PECR for businesses.

You can access a detailed FAQ about direct marketing and the implications for UK GDPR and PECR on the FSB Legal Hub.

Policies

Next, let’s take a look at some of the fundamental policies that you’ll need to have in place on your e-commerce website.

8. Website terms of use
Whether a customer is browsing your site, registering for an account, or going through the checkout process, your website terms of use set out the conditions that the user agrees to when using your website. In essence, they explain what is required of a customer if they use your service. They also serve to protect your intellectual property, for example by setting out the permitted use of your content.

9. Privacy Policy
No matter what you’re selling online, processing customer data is central to running an e-commerce business. Whether it’s an email address to register for an account or credit card details to make a purchase, your business may collect various types of data that need to be protected. Failure to have a privacy policy will leave you in breach of UK GDPR and open to both fines from the Information Commissioner’s Office (ICO) and legal action by data subjects.

A privacy policy provides an overview of how your business collects, uses and stores your customers’ personal information. You need to let your customers know why you do this, what you do with the data and how you protect it.

What should you include?

  • Let customers and visitors know what data you’re collecting and how you store it
  • Explain what data (if any) you’ll be sharing and with whom
  • Make sure you give customers the choice of opting in or out
  • Inform customers of their rights
  • State how long you hold onto the data

Your privacy policy needs to be easy to find and understand. It commonly features as a link in the footer of a website. On some websites, you might encounter a pop-up disclosing that by continuing to use the website, you’re agreeing to the terms of their privacy policy.

10. Cookie Policy
If your website uses cookies (for example, to track user behaviour for analytics or marketing purposes), then you need to include a section dedicated to them in your privacy policy. Your cookie policy should include:

  • Why you’re using them on your website
  • The types of cookies you’re using
  • Relevant information about third parties using the data from cookies

Again, failure to have a cookie policy will leave you in breach of UK GDPR and open to both fines from the ICO and legal action by data subjects.

11. Refund and return policy
A major policy for businesses operating in the e-commerce space is a refund and returns policy. Every now and then you might experience a customer who requests a refund for a faulty item, is unhappy that a product has arrived damaged, isn’t impressed with the service, or wants to return an item that isn’t suitable.

Therefore, a robust refund and return policy protects your business and manages customer expectations. When putting together your policy, you need to remember Consumer rights, for example giving full refunds within 30 days for a faulty product.

Processing online payments

Last but not least, taking online payments is an essential aspect of e-commerce, whether it’s credit cards, PayPal or other providers. Offering multiple ways to pay provides a more convenient checkout experience with less friction, but you need to ensure this is secure and compliant to protect both you and your customer.

12. PCI compliance
Security measures like the Payment Card Industry Data Security Standard (PCI DSS) are not only essential for compliant online transactions, but also serve to boost customer confidence when making a purchase.

Although it’s not required by law, failure to comply with PCI DSS can result in fines from your bank or payment provider if there is a data breach. You also risk breaching the Data Protection Act 2018 and facing enforcement action from the ICO.

13. Strong Customer Authentication
New rules under the Payment Services Directive 2 (PSD2) mean that consumers are now required to confirm their identity when purchasing online, to improve payment security.

Strong Customer Authentication (SCA) is a form of two-factor authentication, whereby extra steps are put in place for online card transactions to reduce card-not-present fraud.

14. Ban on surcharges
Giving your customers the option of several payment methods on your website creates a better checkout experience. Surcharge rules ban traders from adding a surcharge fee in addition to the price of a transaction if paying with a certain method of payment like credit cards or electronic payments.

The content of this article has been created and published by FSB

https://www.fsb.org.uk/resources-page/14-e-commerce-laws-and-legal-requirements-for-online-businesses.html
