Making sure your website is legally compliant is the really boring bit of creating a website. It would be more fun just to concentrate on things like content and lead generation, but I’m afraid it’s something that every website owner needs to deal with at some point.
So which legal pages should your website have?
There are a few things you need by law to have on your site; others are just recommended, either for your protection, or to help your customers, or to benefit you both. Let’s take a look:
Privacy Policy
All sites that handle personal data need a GDPR-compliant Privacy Policy. GDPR came into effect in May 2018, yet a surprising number of businesses still aren’t compliant. This one is a legal requirement, so no excuses, get a policy on your site pronto.
“But my business doesn’t collect any personal data.”
You wouldn’t believe how often I’ve heard that. And it just isn’t true. I haven’t come across a business yet that doesn’t collect data.
Picture this:
- Someone phones you inquiring about hiring you. You take a note of their details and some info about the job. You’ve just collected data.
- A supplier emails you an invoice for some work they’ve done. You’ve just collected data on them.
- Someone visits your website and your Google Analytics tracking code logs their visit. It may be anonymous data, but it’s data all the same.
So you see, everyone is constantly collecting data.
Your Privacy Policy sets out what data you collect, why you collect it, how you treat it and store it, how long you store it for, who you share it with, and more.
If your website has features like:
- Users can log in and/or comment
- Contact form
- Online shop/ecommerce
- Newsletter/email signup
- Cookies for things like Analytics, Adwords, Facebook pixel
then it’s collecting data for you. Make sure your Privacy Policy addresses each type of data you collect.
Having a Privacy Policy used to be more of a box-ticking exercise; you could download a template, add in your business name, contact details and the date, then you were done. The terms were vague enough to cover the things you might be doing, or might start doing in the future. And probably no one would ever look at the page.
But that won’t cut it anymore. People are much more aware of their data being collected and their rights concerning that. And the laws are much clearer and stricter too. You can still find templates online but they need much more customisation so that they become specific to your needs.
Here are some resources that may help you create your policy:
- GDPR for small businesses
- GDPR – what’s THAT all about?
- GDPR Explained Simply! – Andrew & Pete
- GDPR Videos – Suzanne Dibble
- Privacy Policy template
- GDPR Privacy Policy generator
- GDPR – build your own privacy notice
Cookies Policy
Having a Cookies Policy is also a legal requirement, covered by GDPR and other laws, so many people combine their Cookies Policy into their Privacy Policy. Others have a whole separate page for it and how you deal with it will depend on your needs.
What are cookies?
Sorry, we’re not talking chocolate chips here.
Cookies are small tracking files that are placed on your device when you visit a website.
They have different functions:
- Some are essential to the functionality of a website, like cookies that let you log in to a website.
- Some are there for your convenience, like storing your name and email address when you leave a comment so you don’t have to enter them again next time you comment.
- Some, like Google Analytics, track how you use a website, like which pages you visit, how long you spend on the site etc.
- Some are for advertising. Have you ever looked at a product on Amazon but not bought it, then suddenly seen adverts for that very product on loads of other sites you visit? That’s done through cookies.
Cookies generally come with an expiry date. Like when you check a box to remember your login on a website. You won’t have to enter your password again for a while because of the cookie, but after a set period of time, the cookie will expire and you’ll need to log in again.
Does my website use cookies?
If your site is run on WordPress, is an online shop, has Analytics, Adwords, Facebook Pixel or similar installed, the answer is yes. You can use tools like http://www.cookie-checker.com/ and https://www.attacat.co.uk/resources/cookies to check which cookies your site uses.
Your web designer can also help you figure out which cookies your site uses and what they’re for, then you can fill in the remaining details about how you use that data.
Here are some resources that may help you create your policy:
- Cookies Policy generator
- GDPR and cookies | What do I need to know? | Is my use of cookies compliant?
- Cookies Policy Generator
Do I need any other policies?
What else you need depends on what kind of site you have.
Terms & Conditions
While not strictly a legal requirement, many businesses would benefit from having Terms and Conditions on their website. They can cover several areas, but as a minimum they should include things like:
- Limitation of liability: a disclaimer stating you’re not responsible for things like errors in your content, the content of any external sites you link to etc.
- Copyright and any permitted uses of your content.
- If you let users post content on your site, guidelines on what behaviour or content won’t be allowed.
Payment Terms
If you have an online shop or take any sort of payments through your website, you should definitely have your Terms and Conditions sorted. Then you’ll also need things like:
- Refund & Returns info and terms
- Delivery info and terms
These are there for your protection and for your customers’ protection. Make sure they cover your customers’ rights under the online and distance selling regulations and the Consumer Rights Act.
As well as providing protection, these policies also provide valuable information that people need before they make the decision to buy. Having these policies in place shows that you’re a responsible – and legitimate – business that they should feel safe to buy from.
Do you need anything else?
- Some professions are also required to have specific legal policies, information and/or disclaimers included.
- You may need to display an accreditation badge or information about membership of trade bodies or professional associations you’re part of.
- If you’re a Limited company, you must include things like your company name, registered number, registered address and place of registration.
- If you’re VAT registered, you need to show that too.
- Make sure that you’ve got a copyright notice, usually in the footer of your site. Even if you’ve already included copyright info in your Terms and Conditions, add a ‘Copyright © 2019 Your Business Name’ notice to your footer.
More resources:
- Legal Pages for Websites
- 5 Legal Must-Haves for Your Website
- 4 Legal Pages You Need on Your WordPress Website
- Website Laws and Regulations in United Kingdom
Can’t you, as my web designer, take care of this for me?
Nope, sorry.
I’m a designer not a solicitor, so I can’t write your policies for you. Nor can I give you specific legal advice, just general info and resources like in this post.
The information needed in the policies is so specific to your business that the best person to create them is you. You know your business better than anyone.
If you need help creating your policies, I’d strongly recommend seeking advice from a solicitor or privacy expert so you can get proper guidance tailored to your specific needs.