Having a business website designed isn’t just about throwing some images and content together. There are regulations that these sites need to adhere to. To make sure that you and your website designer are on the same page with the project, here are legal requirements for business websites.

The Basics

A few fundamental requirements that websites need to adhere to are a few things that you would likely have on there already. These include providing basic information about the business:

  • The company telephone number and email address.
  • The trading address.
  • The company name.

There are different rules here for different types of companies, for instance, for a sole trader trading under a different name for their business, the site will need to specify the owner as of the owner.

Privacy & Data Protection

Any site that customers deal with where they have to submit personal data like placing an order to subscribing to a mail list needs to be compliant with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Prior to collecting any personal data, the company needs to include an automated privacy notice on the website. This needs to be comprehensible and dictate the reason that the data is being collected.


It’s common for websites to use cookies, small files stored on the user’s device, that remember things like user preference and such. These are used for a number of reasons but mostly to improve the visitor experience and target advertising, for example.

When it comes to these files, there needs to be a notice that pops up on the site for users can consent to. This needs to include the reason that the cookies are being used and this should also be included in the privacy notice.

Website Security

Linking to the above-mentioned personal data collection procedures, all UK sites that do this need to have adequate cybersecurity measures that protect user information. This is a legal requirement under the GDPR, it’s additionally a requirement outlined by the Payment Card Industry Data Security Standard (PCI DSS). This needs to be obeyed by any company that processes payment details. Some examples of website security measures include:

  • Using HTTPS security encryption and installing an SSL certificate.
  • Monitoring and restricting your workforce access to user data and admin functions.
  • Keeping all site passwords and sites updated regularly.
  • Having anti-virus software and using a firewall.

Other requirements include the accessibility of your site, best practice and laying out the steps of what happens if orders are accepted through your site. These requirements fall under the Equality Act 2010 and the Electronic Commerce (EC Directive) Regulations 2002.

If you’re looking for website designing services and other marketing efforts that comply with all of the legal requirements highlighted above and more, contact us today!