What are the legal requirements for an e-commerce business?
Although your legal obligations are much the same as those of a traditional bricks-and-mortar retailer, there are additional areas you need to consider when trading online. These include online payment security standards, the policies you publish on your website, accessibility and more.
1. Electronic Commerce Regulations
The Electronic Commerce Regulations set out the information you must clearly display on your website if you sell online, including:
- Your business name (and trading name if you have one)
- Your address (and registered address if this is different)
- A contact email address
- Your company registration number
- Any trade or professional association memberships
- Your VAT number, if you're VAT registered
Typically, this information appears in your website footer.
2. Terms and conditions
As an online retailer, it’s important to have terms and conditions in place as an online contract to reduce your legal risk. Make sure this is tailored to your business, for example Business-to-Business (B2B) or Business-to-Consumer (B2C).
3. Online selling rules
There are extra steps that you must take when selling online to Consumers. A Consumer is an individual acting for purposes wholly or mainly outside of a business, and their statutory rights cannot be taken away or altered.
Before the sale, this includes:
- Making it clear to Consumers that placing an order commits them to paying
- Clearly displaying delivery options and costs
- Giving an accurate description of your goods or services
- Informing customers of their right to cancel: for goods, up to 14 days from receipt of the goods; for services, up to 14 days from the date the contract is entered into. There are limited circumstances in which there is no right to cancel, for example bespoke or perishable goods
After the sale, this includes:
- Confirming the contract and its terms, including the right to cancel, in an order confirmation email
- Delivering the goods within 30 days, unless agreed otherwise
4. Consumer Rights Act
The Consumer Rights Act outlines what rights a Consumer has and what your obligations are as a goods or services provider in the event of a dispute. For example, when you’re putting together your product descriptions, you should make sure they’re accurate to avoid misleading customers under the terms of the Consumer Rights Act.
If you are selling business to business, the Sale of Goods Act 1979 (as amended) applies instead, unless your terms and conditions alter or amend this.
5. Is your online shop accessible?
By law, you must make reasonable adjustments to ensure your website is usable by everyone, including disabled users. The Web Content Accessibility Guidelines (WCAG) are the international standard for making websites accessible to all.
If you’ve chosen to set up your own ecommerce website rather than sell through an online marketplace, you’ll want to make sure that it’s designed with accessibility in mind.
If a user is registering for an account on your website, purchasing a product, or receiving your marketing emails, you need to ensure that you are handling this data correctly in compliance with data protection laws.
6. UK GDPR
The Data Protection Act 1998 was replaced by the Data Protection Act 2018, which implemented the EU General Data Protection Regulation (GDPR) in the UK. Since the UK left the EU the EU GDPR no longer applies directly, but its provisions have been retained in UK law as the UK GDPR, which sits alongside the Data Protection Act 2018. It applies to any business that processes personal data, regardless of size.
7. Privacy and Electronic Communications Regulations (PECR)
Whether you're sending out email newsletters with your latest offer or calling prospective clients, you need to ensure you're staying on the right side of the law. In addition to UK GDPR, the Privacy and Electronic Communications Regulations (PECR) give individuals privacy rights linked to electronic methods of communication, including email marketing and cookies. The regulations apply to both B2B and B2C marketing. The ICO provides an overview of the basics of PECR for businesses.
You can access a detailed FAQ about direct marketing and the implications for UK GDPR and PECR on the FSB Legal Hub.
Next, let’s take a look at some of the fundamental policies that you’ll need to have in place on your e-commerce website.
What should you include?
In your privacy policy:
- Let customers and visitors know what data you're collecting and how you store it
- Explain what data (if any) you'll be sharing and with whom
- Make sure you give customers the choice of opting in or out
- Inform customers of their rights
- State how long you hold onto the data
In your cookie policy:
- Why you're using cookies on your website
- The types of cookies you're using
- Relevant information about third parties using the data from cookies
11. Refund and return policy
A major policy for businesses operating in the e-commerce space is a refund and returns policy. Every now and then you will encounter a customer who requests a refund for a faulty item, is unhappy that a product has arrived damaged, isn't impressed with the service, or wants to return an item that isn't suitable.
A robust refund and returns policy therefore protects your business and manages customer expectations. When putting together your policy, you need to remember Consumer rights, for example the right to a full refund within 30 days for a faulty product.
Processing online payments
Last but not least, taking online payments is an essential aspect of e-commerce, whether it’s credit cards, PayPal or other providers. Offering multiple ways to pay provides a more convenient checkout experience with less friction, but you need to ensure this is secure and compliant to protect both you and your customer.
12. PCI compliance
Security measures like the Payment Card Industry Data Security Standard (PCI DSS) are not only essential for compliant online transactions, but also boost customer confidence when making a purchase.
PCI DSS is not a statutory requirement in the UK; it is a contractual obligation under your merchant agreement with your acquiring bank, and failure to comply can result in fines from that bank if there is a data breach. The scope of what you must secure depends on how you take payments: if card details never touch your own servers because a hosted payment page or provider-hosted fields capture them, your compliance burden is far smaller than if your site handles card numbers directly. A breach of cardholder data is also likely to breach UK GDPR and the Data Protection Act 2018, with the risk of enforcement action from the ICO.
13. Strong Customer Authentication
Rules under the Payment Services Directive 2 (PSD2) mean that consumers are now required to confirm their identity when purchasing online, to improve payment security.
Strong Customer Authentication (SCA) is a form of two-factor authentication: the customer must present two independent elements from something they know (such as a password or PIN), something they have (such as their phone or card) and something they are (such as a fingerprint). For online card transactions this is usually handled through 3-D Secure, which adds a verification step at checkout to reduce card-not-present fraud. Some transactions are exempt (for example low-value or recurring payments), and a payment provider that supports 3-D Secure 2 will handle the challenge flow for you.
14. Ban on surcharges
Giving your customers the option of several payment methods on your website creates a better checkout experience. Surcharge rules ban traders from charging consumers a fee on top of the price simply for paying by a particular method, such as a credit or debit card or an electronic payment service.
The content of this article has been created and published by FSB