Regulations & Legislation

If you are selling online there are a number of regulations and legislation that you need to be familiar with. These are in place to ensure that personal data customers provide is kept secure, goods and services meet quality and suitability standards, and online contracts are legally binding.

The Data Protection Act 1998

The Act regulates how you deal with personal information held about living people, e.g. customer profiles. It affects information that you hold on computers as well as some paper-based records. In practice, it means that you need to be open about how you use information and follow the eight data protection principles. You can download guidance on how to comply with the Data Protection Act from the Information Commissioner’s Office (ICO) website (PDF). From 6 April 2010, the UK Information Commissioner’s Office will begin to issue fines of up to £500,000 for serious data security breaches.

PCI DSS

In an effort to mitigate security breaches, the Security Standards Council has developed a multifaceted security standard covering management, procedures, network architecture and software design. Any organisation involved in handling cardholder data must comply with the PCI DSS.

Bear in mind that a large part of this compliance is the responsibility of your chosen PSP, especially if you choose to use your PSP’s server to host the payment pages.

The Privacy and Electronic Communications Regulations

These regulations address the problem of spam in e-marketing activities, but they also cover the use of cookies, which is the part most likely to apply to you. Their aim is to allow the visitor to choose whether they want cookies on their computer.

The Consumer Protection (Distance Selling) Regulations 2000

These regulations apply to both online and offline transactions. Broadly, you must provide your customers with specific information before they place an order. As a guide, your website should clearly state the following information:

  • Your business’ name, geographic address and other contact details including your email address;
  • Details of any publicly available register (such as Companies House) in which you are entered, together with your registration number;
  • Details of any professional body with which you are registered;
  • Your VAT registration number;
  • A full description of goods or services;
  • Clearly display the stages of purchase, including a summary of the order before payment is taken and details of your returns policy;
  • An order confirmation must be sent to the shopper and give them a ‘cooling off period’ in which they can cancel their purchase.

For further advice please contact us.