Online Data Protection for Businesses - Internet Privacy

Legal obligations on the internet

Company websites must comply with the law just the same as any other aspect of a business. Under amendments to the Companies Act 1985 this now means including a company’s regulatory information on its website, such as registered address and number. This also extends to electronic communications such as email.

If you are collecting personal information on your website, under the Data Protection Act you must specify what this information will be used for and ensure you have received the person’s consent to use the information.

Websites are also now required to follow the guidelines of the Disability Discrimination Act 1995. For a website this particularly relates to wording and layout design, in order to ensure websites are accessible to blind and disabled users. However, at present there does not seem to be specific information about how websites can meet these requirements, particularly for the blind.

Legal compliance on the internet

Setting up your own business involves entering into legal relationships with a wide range of individuals and organisations. If you own a website or provide services on the internet then you need to know that it is legally compliant – to protect yourself and others.

Remember that you and only you are responsible for meeting the legal obligations, so advice from a legal professional at the outset can help avoid running into costly and time-consuming problems further down the line.

You need to ensure you adhere to the relevant laws, which apply to online businesses just the same as to any other business, for example the Companies Act, the Data Protection Act and the Disability Discrimination Act 1995.

You also need to consider legal compliance duties if you are planning to collect other people’s personal data or if you are taking online payments.

Legal obligations of ecommerce sites

Remember that you and only you are responsible for meeting the legal obligations of your ecommerce site.

Protecting other people’s personal data

When collecting personal information on your website you must ensure you follow the stringent guidelines of the Data Protection Act. This includes outlining in clear text what the information you are gathering will be used for and obtaining the person’s consent to use this information.

Online payments

If you are handling online payments on your website, there is specific information that you must legally provide to customers before the purchase is processed. This includes information about their cancellation rights, VAT and pricing, faulty goods and refunds.

Contact information

You must provide full contact details such as address, telephone numbers, and membership of any regulatory bodies you belong to, and where your organisation is registered for VAT, as well as a set of terms and conditions.

Data protection - your legal obligations

What are the principles of Data Protection compliance? This short checklist will help you comply with the Data Protection Act. Being able to answer 'yes' to every question does not guarantee compliance, and you may need more advice in particular areas, but it does mean you are heading in the right direction.

  • Do I really need this information about an individual? Do I know what I'm going to use it for?
  • Do the people whose information I hold know that I've got it, and are they likely to understand what it will be used for?
  • If I'm asked to pass on personal information, would the people about whom I hold information expect me to do this?
  • Am I satisfied the information is being held securely, whether it's on paper or on computer? And what about my website? Is it secure?
  • Is access to personal information limited to those with a strict need to know?
  • Am I sure the personal information is accurate and up to date?
  • Do I delete or destroy personal information as soon as I have no more need for it?
  • Have I trained my staff in their duties and responsibilities under the Data Protection Act, and are they putting them into practice?
  • Do I need to notify the Information Commissioner and if so is my notification up to date?

Further information

For further information on data protection visit the Information Commissioner's Office (ICO) website: http://www.ico.gov.uk/

Advice on internet compliance

If you own a website or provide services on the internet then you need to know that it is legally compliant.

For your own protection you should have a set of terms and conditions. If someone suffers as a result of your services, you may have broken the law and could be liable for claims and damages. Terms and Conditions should be accessible from each page on your website. Sometimes it may even be necessary to get people to tick OK to the terms and conditions before they use your site.

If you are collecting information from users, including financial and personal information, you must have a privacy statement that outlines what you will do with that information and how you will protect the privacy of the user. You are also required to register with the Data Protection authorities.

If you are selling goods or services from your website, you will also need a sale agreement that should outline all the relevant information a user may need to know, such as warranty and goods refunds/returns information and delivery details.

Further information

For more information on internet compliance visit:
www.legal-advice-centre.co.uk
