website compliance checklist

Upload: wragge-co-llp

Post on 18-Nov-2014

Category:

Business


DESCRIPTION

Regulations governing online retailing are ever changing. As technology and consumer needs evolve, new risks emerge and legislation has to keep pace. That's why it is crucial to stay on top of the latest developments and know the implications for your digital channels. This checklist, prepared by Wragge & Co's experts, will help you to do just that.

TRANSCRIPT

Page 1: Website compliance checklist

Steer clear of website compliance risk with our essential checklist

Website regulatory compliance

Regulations governing online retailing are ever changing. As technology and consumer needs evolve, new risks emerge and legislation has to keep pace. That’s why it is crucial to stay on top of the latest developments and know the implications for your digital channels.

It can be easy to overlook compliance once a website is up and running, but the impact of getting it wrong is severe. As well as hefty fines, for example where e-privacy rules are breached, one of the biggest threats is reputational damage. Where a business fails to comply, it can bring its commitment to consumer rights into question.

Keeping on top of e-commerce legislation is a constant challenge. Developments this year alone include an extension of the Advertising Standards Authority’s remit to cover misleading and other problem advertising on an organisation’s own website. The Department for Culture, Media and Sport provided a response to its consultation on the revised EU Electronic Communications Framework, and new guidance was issued by the Information Commissioner's Office on the use of cookies for storing data.

With these and many other legislative issues to consider, it is imperative to take stock of your website compliance and quickly identify potential risk areas.

What are your compliance risk areas?

Wragge & Co’s Retail team is on hand to help with a new tool to help steer businesses through the regulatory maze of website compliance. Whether you are involved in business-to-business or business-to-consumer transactions, this practical guide includes a checklist to ensure your website is in good shape.

Covering everything from information provided during an online transaction, to third party website content, IP and data protection issues, it’s an essential risk management tool. See our FAQs to understand how it can add value to your business and help avoid any costly compliance breaches.

Acting on the issues

Does more than one area flag up a potential issue? Our experts are able to work through this checklist with you to identify any potential gaps in compliance and areas for improvement.

With first-rate technical skills, commercial insight and extensive sector expertise, they are able to advise on compliance with the latest e-commerce legislation. For guidance or to obtain a full risk assessment report on your website, please contact one of our specialists.

FREQUENTLY ASKED QUESTIONS

What areas of regulation govern online retailing?

Online retailing is heavily regulated and legislation is evolving all the time. With no single regulatory body governing the area, it can be difficult to stay on top of requirements. Broadly speaking, the rules cover: sale of goods; e-commerce; data protection; and advertising and marketing law.

What issues do these raise for commercial websites?

The issues can be wide-ranging. Commercial websites provide a ‘shop window’ for businesses and are required to provide the same protection to consumer rights as is expected in-store. This means giving greater transparency about the business, what it is selling, for how much, what the customer can expect, and so on.

Common pitfalls include failing to ensure customers’ personal data is protected, non-compliance with the standard basis of forming a contract, and breaching consumer protection regulations. The use of social media also brings specific compliance challenges. Retailers using Facebook, Twitter and YouTube etc will want to manage these risks carefully and avoid any potential PR errors.

What are the risks?

While many of the regulations themselves are not new, the consequences of non-compliance are. For example, changes to the Privacy and Electronic Communications Regulations in May 2011 introduced new powers of enforcement for the Information Commissioner. Where a ‘serious contravention’ of the regulations is found, the Information Commissioner can now issue fines of up to £500,000 to the organisation or person in breach.

As well as fines and enforcement action, one of the biggest effects of non-compliance is reputational damage. Building and maintaining a loyal customer base is a challenge all businesses share. Any good work can be quickly undone through a single compliance error.

What action is needed to ensure compliance?

The first priority is to understand the laws and regulations affecting commercial websites. This provides the focus needed to work out where the business stands on website compliance issues and if there are areas for improvement.

How will the checklist help me?

Taking businesses through the key issues to consider, the checklist provides an essential health check for any commercial website. It is designed to give a business confidence in where its website is meeting current legislation and identify any gaps to be addressed.

What action needs to be taken?

The actions for each business will differ. For some there may be few issues to deal with, while others may need more of a comprehensive strategy to ensure compliance. Either way, using the checklist provides the necessary information to devise an action plan and focus effort in the right places.

Where Wragge & Co’s Retail team can add value is to help clients understand the key priorities for their businesses. The risk assessment report they provide, based on the checklist, identifies areas of compliance and non-compliance which can be easily communicated within a business.

How often should website compliance be reviewed?

Reviewing website compliance should be a key feature of any annual review. Wherever a major change occurs within the business, such as its products/services, ways of operating, types of transactions and back-office systems, a re-assessment is needed. Over time the checklist itself will also evolve in line with new regulatory developments.

The checklist provides a number of points commercial organisations should consider to manage risk and ensure website compliance. Categorised by issue, the questions are marked with a tick to show whether they are relevant to business-to-business or business-to-consumer transactions, or both. Each organisation will have its own unique risks, and the points set out here will not necessarily deal with each and every issue which an organisation may face.

COMPANY INFORMATION

Are the following pieces of company information included on the website?

• Company name

• UK trading and geographic address

• E-mail address

• Telephone number

• VAT number

• Company registered number

Does the website contain details of any trade organisations to which the company belongs, together with registration details?

Does the website contain details of relevant professional body or codes of conduct or authorisation schemes adhered to?

BUSINESS-TO-BUSINESS

BUSINESS-TO-CONSUMER

CONTRACT FORMATION

Does the website contain a statement as to whether a copy of the contract will be kept and made accessible to the customer?

Does the website contain instructions on how to correct errors before an order is placed?

Does the website provide confirmation of which languages the contract can be concluded in?

Does the website provide confirmation of the steps required to form and conclude the contract?

Does the supplier acknowledge receipt of the order by electronic means?

Does the website make information available in a form that can be kept by the customer (e.g. can it be printed)?

INTELLECTUAL PROPERTY RIGHTS

Does the website contain a copyright notice prominently displayed for each copyright work and for the website in general?

Does the website contain a copyright policy stating restrictions on the use and copying of copyright work?

Does the website make use of any third party trade marks, images or other third party content?

Note: If so, check you have the right to use those materials.

TRANSACTION INFORMATION

Does the website provide a clear description of the goods and/or services which can be ordered?

Does the website clearly state the price for the goods and/or services, including VAT and delivery charges?

Does the website clearly state the arrangements for payment, delivery and performance of the contract?

Note: Performance must be within 30 days, beginning the day after the customer has sent their order, unless otherwise agreed with the customer.

Does the website provide the customer with a right of cancellation?

Does the website clearly state the cost of using distance communication (where calculated other than at the basic rate)?

Does the website clearly state the period of time for which an offer/price for the goods and/or services is available?

Note: State any time limits that apply to the ‘offer/price’ or any limitation due to availability of stock. Do not give misleading information.

Does the website clearly state the minimum duration of the contract?

Note: This is applicable where supply of goods and/or services will be permanent or recurring.

Does the website notify the customer if the company is reserving a right to supply substitute (equivalent) goods and/or services?

Does the website notify the customer if the company will meet the cost of returns in the event that the customer wishes to return substitute (equivalent) goods and/or services?

ADDITIONAL INFORMATION (MAY BE POST CONTRACT)

Does the website provide written confirmation of how the customer may exercise their cancellation rights, including the effect on goods and/or services?

Does the website provide details of whether the supplier or customer would be responsible for the return (and cost of return) of cancelled goods?

Does the website provide details of any after-sales services and guarantees offered?

Where the term of the contract is for more than one year or an unspecified duration, does the website clearly state the conditions for exercising any contractual right to cancel the contract?

RIGHT OF CANCELLATION

Does the website specify the information set out in the section on ‘Additional information (may be post-contract)’?

Note: If not, the cancellation rights outlined below are extended.

Does the website allow the customer to cancel an order within seven working days of receiving the goods purchased?

Note: The cancellation period ends on the expiry of the period of seven working days, beginning with the day after the day on which the consumer receives the goods.

Does the website allow the customer to cancel services within seven working days of the contract being concluded (unless services have already begun with the customer’s consent)?

Note: The cancellation period ends on the expiry of the period of seven working days beginning with the day after the day on which the consumer receives the goods.

LINKS TO THIRD PARTY WEBSITES

Does the website contain links to third party websites?

Note: Third party links:

• should be to appropriate websites; and

• should not be constrained within the website, disguising the origin of the content.

Does the website contain a statement that third party website content is not under the control or the responsibility of the company?

Does the website contain a notice setting out the parameters for third party links and email addresses for enquiries?

DATA PROTECTION

Where personal data is collected (e.g. name, address, e-mail address, credit card details, etc):

Is the website sufficiently secure to keep personal data safe and confidential?

Does the website contain a privacy policy confirming:

• the identity of the data controller?

• what personal data is collected from users?

• what personal data is used for?

• to whom personal data is disclosed?

Does the website state the customer’s right to access his/her personal data and specify the process for rectifying any errors?

Does the company obtain consent from the customer for direct marketing?

Does the company give the customer the opportunity to object to direct marketing?

Note: When selling goods and/or services, if the company obtains the name and e-mail address of a customer, it can only use those details for direct marketing of similar goods and/or services. In addition the customer must be given the opportunity to object.

Does the company obtain specific consent from the customer?

Note: The company must not use the above details to send unsolicited e-mails marketing non-similar goods and/or services, unless specific consent from the customer has been obtained.

Is the company registered with the Information Commissioner’s Office?

Does the website contain a statement as to whether any personal data may be transferred outside of the European Economic Area? If so, what protections are in place?

INCORPORATION OF TERMS AND CONDITIONS

Does the website make it clear that orders must be accepted by the company before the contract is formed?

Does the website bring the terms and conditions to the customer’s attention before a contract is formed?

COOKIES

Does the company obtain the customers’ consent for use of cookies?

Does the website contain a statement that cookies are being used and explain the purpose for which they are being used?

Does the website inform the customer of their right to withdraw consent at any time?

AWARENESS OF CONSUMER PROTECTION AND ADVERTISING REGULATION

Does the website contain any terms which may be subject to challenge under consumer legislation?

Does the website contain a statement that English law is the governing law of the contract?

Does the website contain a statement that English courts shall have jurisdiction to resolve any disputes that arise?

Does the website contain information relating to goods and/or services which may be misleading or impair a customer’s ability to make an informed decision?

Does the website contain any comparative advertising or make reference to other brands or companies?

Note: There are specific rules the website must comply with relating to comparative advertising.

Are all marketing statements clear and complete?

USER GENERATED CONTENT

Does the website allow customers or users to generate their own content (e.g. customer comments, feedback and reviews)?

If so, does the website contain separate terms and conditions relating to the provision and use of such user-generated content (e.g. to ensure it is not illegal or offensive)?

Chris Hunt, Partner

+44 (0)870 730 [email protected]

Sally Mewies, Partner

+44 (0)121 685 [email protected]

Gayle McFarlane, Associate

+44 (0)121 260 [email protected]

Richard Smith, Associate

+44 (0)121 629 [email protected]

About Wragge & Co

• Wragge & Co is a UK-headquartered international law firm providing a full range of legal services to clients worldwide.

• With 123 partners operating from offices in Birmingham, Brussels, Guangzhou, London and Munich, plus affiliated offices in Abu Dhabi, Dubai and Paris, Wragge & Co has the resource and expertise to handle the largest instructions.

• The firm provides a full service to clients worldwide, including hundreds of public sector organisations and thousands of major companies.

• Wragge & Co’s Retail team offers commercial advice on issues right across the retail spectrum. As well as commercial and IT experts, the cross-firm team includes specialists in advertising and marketing, employment, intellectual property and competition matters.

• Experienced in working with clients of all sizes and from a range of sectors, major names it has worked with include United Biscuits, Birds Eye and Marks & Spencer.

For more information on taking stock of your website, or to discuss any of the legislative issues raised here, please contact:

t +44 (0) 870 903 1000

f +44 (0) 870 904 1099

[email protected]

www.wragge.com