Running a business website in the UK comes with legal responsibilities. From GDPR compliance to displaying your business details, getting it right isn't just about avoiding fines — it's about building trust with your customers and demonstrating that you take their privacy seriously.
The legal landscape can seem daunting, but the requirements for most small business websites are straightforward. Here's a comprehensive guide to what you need to know and implement.
GDPR: The General Data Protection Regulation
Despite Brexit, the UK has retained GDPR principles through the UK GDPR and Data Protection Act 2018. Every business that collects personal data through its website must comply, and personal data here includes names, email addresses, phone numbers, IP addresses, and cookie data.
Key GDPR requirements for your website include having a lawful basis for processing personal data, informing users what data you collect and why, obtaining explicit consent before collecting marketing data, allowing users to access and delete their data on request, protecting stored data from unauthorised access, and reporting data breaches to the ICO within 72 hours.
For most small business websites, the practical implementation involves a clear Privacy Policy, a compliant cookie consent mechanism, and secure forms that only collect necessary information.
Your Privacy Policy
Every UK business website must have a Privacy Policy. This document explains what personal data you collect, why you collect it, how you use it, how long you keep it, who you share it with, and how users can exercise their rights. Your Privacy Policy should be written in clear, plain language — not legal jargon.
Common items to include are contact form data usage, analytics tracking (Google Analytics), email newsletter subscriptions, cookie usage, social media information, and payment processing data if applicable. The policy should be easily accessible from every page of your website, typically via a footer link.
Cookie Consent
UK websites must inform visitors about cookie usage and obtain consent for non-essential cookies before they are set. Essential cookies (those required for the website to function) don't require consent, but analytics cookies, marketing cookies, and social media tracking cookies do.
Implement a cookie consent banner that clearly explains what cookies your site uses, provides a genuine choice to accept or reject non-essential cookies, doesn't use deceptive design patterns to encourage acceptance, remembers the user's choice for subsequent visits, and doesn't load non-essential cookies until consent is given.
Business Information You Must Display
Under the Companies Act 2006 and E-Commerce Regulations 2002, your website must clearly display your company name (the full registered name if you're a limited company), your registered office address (for limited companies), your company registration number, your VAT registration number (if VAT registered), and a way for customers to contact you (typically email and phone).
For sole traders and partnerships, you must display the business name and the owner's name, a geographic address (not just a PO Box), and contact details. This information should be easy to find, typically on a Contact Us or About Us page.
Terms and Conditions
While not strictly required for all websites, Terms and Conditions are highly recommended. They protect your business by setting clear expectations about your services, payment terms, cancellation policies, and liability limitations. For businesses that sell products or services online, Terms and Conditions become more critical, covering areas like refund policies and consumer protection rights.
Accessibility Considerations
While the UK doesn't have specific website accessibility legislation equivalent to the US ADA, the Equality Act 2010 carries an implicit requirement not to discriminate against disabled users. Best practice is to follow the Web Content Accessibility Guidelines (WCAG) 2.1 at Level AA. This means ensuring your website is navigable by keyboard, screen readers, and other assistive technologies.
Accessibility isn't just a legal consideration — it's good business practice. Making your website accessible opens it up to a wider audience and often improves the user experience for everyone.
Stay Compliant Without the Stress
Our templates come with privacy policy templates, cookie consent mechanisms, and proper business information sections built in. This gives you a compliant foundation that you can customise with your specific business details. If you're uncertain about any aspect of compliance, consider consulting a solicitor who specialises in digital law — the cost of professional advice is far lower than the cost of getting it wrong.