I will start this post with the usual proviso. I am not a lawyer and you should always get proper legal advice. That said, if you go in with as much knowledge as possible, then that legal advice will cost you less. My blog post this week is about some key legal responsibilities you need to consider when creating and managing the website for your business or organisation.
Hopefully you have all heard about the new EU data protection legislation ‘General Data Protection Regulations’ or GDPR for short. You have until May 25th 2018 to prepare. Much of the legislation is not new. However, it does make some areas of responsibility a lot clearer. The law covers the rights of the consumer to privacy of their data and how it is used.
The main areas it covers:
Below is an overview of the main points to consider, but you need to familiarize yourself with the new legislation and ensure you understand your responsibility as it pertains to your business.
For more information on GDPR, see the overview on the ICO website.
If you have a WordPress website WPMU Dev have produced a really good article on this:
You need to ensure that any cookies on your website are optional unless they are directly required for essential functionality. Be very careful how you identify essential functionality. Exceptions are made for cookies that are essential to provide an online service at someone’s request (e.g. to remember what’s in their online basket, or to ensure security in online banking). This does not cover cookies for collecting statistical information, such as those used by Google Analytics.
A cookie is a small text file placed on your computer by a website, which can be used to store information about a visit to that website.
What are the different types of cookies?
A cookie can be classified by its lifespan and the domain to which it belongs. By lifespan, a cookie is either a:
As for the domain to which it belongs, there are either:
You must tell people if you set cookies, and clearly explain what the cookies do and why. You must also get the user’s consent.
Consent can be implied, but must be knowingly given.
The Equality Act 2010 (EQA), which came into force in October 2010, replacing the Disability Discrimination Act 1995 (DDA) in England, Scotland and Wales, was introduced with the intention of dealing with the issue of disability discrimination.
As a website owner you are required to make ‘reasonable adjustments’ to ensure your website is accessible to everyone, including users with impairments to their:
This can include simple measures such as:
You can find some good information on your legal responsibility concerning accessibility on Gov.uk.
The standard for web accessibility is the Web Content Accessibility Guidelines (WCAG 2.0); you need to ensure your website meets AA level compliance.
If you are selling your services or products online you need to be aware of the Electronic Commerce (EC Directive) Regulations 2002. This was put in place to further protect consumers when buying products or services online. The legislation is quite detailed but includes what information you must include on your website, such as company name and address. As of 1st January 2007, it is compulsory to provide additional information such as a company registration, as outlined in the Companies Act 2006.
The act also includes information about contracts between the buyer and seller when made online that could affect the way your checkout process should work. The regulations state that electronic contracts should be able to be completed online, and that the consumer has the right and the ability to revise any mistakes in their order prior to making their purchase (their conclusion of the contract). Once the order is placed, confirmation of the order and all relevant information including terms and conditions, delivery times and prices should be sent to the consumer without ‘undue delay’.
In other words, it should be easy to change and alter an order, and all terms and conditions, including delivery, should be clear and sent to the customer when the order is completed.
You also need to look at the way you advertise your products and services. Be sure your product and service information is clear and concise and not misleading in any way.
The law also covers unsolicited emails and how people consent to any email you send to them beyond what is required for the product or service they have purchased from you.