Date published: 05 June 2024 | by Sybil Mayard
You may have asked yourself, "Is my website compliant?" But what exactly is website compliance, and does your site meet the requirements? In this article, we discuss the most important features your website must include to comply with accessibility rules, data protection law and other legal requirements.
Disclaimer: the information provided in this article does not constitute legal advice. The laws referred to apply to UK businesses. If your business is based outside the UK, different laws may apply. If in doubt, please seek advice from a suitably qualified legal adviser.
Accessibility Regulations
Accessibility is about making your website usable by as many people as possible, including those who have motor difficulties, learning disabilities, visual impairments or hearing problems. This group of users may use a website differently from what is considered "normal" use. So, your website should contain certain features that cater to these additional needs. Here are some of them:
- Sufficient contrast ratio between text and its background (at least 4.5:1 for normal text and 3:1 for large text)
- Text which is large enough to be read comfortably
- Transcripts for audio content
- Captions for videos
- Descriptive alt (alternative) text for images
- No keyboard traps
- No content that flashes more than three times in a one-second period.
There are many more accessibility features available than listed here. You can refer to our article, Accessible Design, for further information on how to create an inclusive website.
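The 4.5:1 figure in the list above is the output of the WCAG relative-luminance formula, which this article does not spell out. The following is an added example (not code from the original article) that implements the WCAG 2.2 formula in Python for "#rrggbb" and "#rgb" colours and applies the level AA thresholds for normal and large text; the sample palette at the bottom is constructed for illustration and is not taken from any real site.

```python
"""WCAG contrast check: relative luminance of two sRGB colours and the
AA thresholds (4.5:1 for normal text, 3:1 for large text)."""


def _linear(channel):
    """Convert one 8-bit sRGB channel (0-255) to linear light, as defined
    in the WCAG 2.2 relative-luminance formula."""
    c = channel / 255
    return c / 12.92 if c <= 0.04045 else ((c + 0.055) / 1.055) ** 2.4


def relative_luminance(hex_colour):
    """Relative luminance (0.0 = black, 1.0 = white) of a '#rgb' or
    '#rrggbb' colour."""
    h = hex_colour.lstrip("#")
    if len(h) == 3:
        h = "".join(ch * 2 for ch in h)
    if len(h) != 6:
        raise ValueError(f"not a hex colour: {hex_colour!r}")
    r, g, b = (int(h[i:i + 2], 16) for i in (0, 2, 4))
    return 0.2126 * _linear(r) + 0.7152 * _linear(g) + 0.0722 * _linear(b)


def contrast_ratio(colour_a, colour_b):
    """Contrast ratio between two colours, from 1.0 (identical) to 21.0
    (black on white). Argument order does not matter."""
    lighter, darker = sorted(
        (relative_luminance(colour_a), relative_luminance(colour_b)),
        reverse=True)
    return (lighter + 0.05) / (darker + 0.05)


def meets_aa(text_colour, background, large_text=False):
    """WCAG 2.2 level AA: 4.5:1 for normal text, 3:1 for large text
    (at least 18pt, or 14pt bold)."""
    return contrast_ratio(text_colour, background) >= (3.0 if large_text else 4.5)


def audit(palette):
    """palette: list of (label, text_colour, background, large_text).
    Returns a list of (label, ratio rounded to 2 dp, passes)."""
    return [(label, round(contrast_ratio(fg, bg), 2), meets_aa(fg, bg, large))
            for label, fg, bg, large in palette]


if __name__ == "__main__":
    # Constructed sample palette, not taken from any real site.
    SAMPLE = [
        ("body text",     "#333333", "#ffffff", False),
        ("muted caption", "#777777", "#ffffff", False),   # 4.48:1, just fails
        ("large heading", "#777777", "#ffffff", True),    # same colour, passes at 3:1
        ("button label",  "#ffffff", "#005a9c", False),
    ]
    for label, ratio, passes in audit(SAMPLE):
        print(f"{label:14} {ratio:5.2f}:1  {'PASS' if passes else 'FAIL'}")
```

Note that the same grey passes as a large heading but fails as body text: the threshold depends on the text size, so a single "brand grey" often needs two shades.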
In the UK, public sector websites and mobile apps are legally required to comply with the Public Sector Bodies (Websites and Mobile Applications) (No. 2) Accessibility Regulations 2018. This is achieved by meeting the Web Content Accessibility Guidelines (WCAG) 2.2 AA standard and publishing an accessibility statement on the website. WCAG 2.2 is a set of recommendations that define how web content can be made more accessible to users.
Even if your organisation is not a public body, creating accessible web content is good practice, so the accessibility standards above are worth following on every website.
Legal Compliance
To comply with the Electronic Commerce (EC Directive) Regulations 2002 and the Companies Act 2006 (together with the trading disclosure regulations made under it), you are legally obliged to publish certain details about your business on your website. Your website must include:
- Business name (for a company, its full registered name)
- Registered office address (or, for a sole trader or partnership, the geographic address at which the business is established)
- Contact details, including an email address
- Company number and place of registration, such as England and Wales (if a limited company)
- VAT number (for VAT-registered businesses)
Regardless of whether you sell products or services via your website, a terms & conditions document must be present.
E-commerce stores must include the following additional policies:
- Shipping policy
- Returns policy
You must place the terms & conditions and policies in a convenient location, usually in the footer, so that users can access them at any time whilst browsing your website.
Data Protection Compliance
You have probably heard of the UK GDPR (the UK General Data Protection Regulation, which sits alongside the Data Protection Act 2018). To comply with it, you must be transparent about how you handle your customers' data, and the regulation requires your website to include a privacy notice. This is not to be confused with a "privacy policy", which in this usage is an internal-facing document and does not need to be displayed on your website. Supplying a privacy notice builds trust with your customers and gives them peace of mind that their data is safe in your hands.
Here are the main sections to be included in your privacy notice:
- Your business' name and contact information
- Which data you collect
- How you collect this data
- Why you are collecting this data
- How long you keep it for
- What you do with the data
- Whom you share the data with
- Whether the website uses cookies
- Customers' rights under data protection laws
- How customers can complain if they are not happy with the way you have handled their data. You can also include the contact information of the ICO (Information Commissioner's Office) here
- The date you last updated your privacy notice, and how often you review it.
If your website uses cookies, and it almost certainly does, then you need to make this clear in your privacy notice. The rules on cookies come from the Privacy and Electronic Communications Regulations (PECR) rather than the UK GDPR itself: you must obtain the user's consent before setting any non-essential cookie (analytics, advertising, embedded social media and the like), and refusing must be as easy as accepting. Strictly necessary cookies, such as the session cookie that keeps a logged-in user logged in or holds a shopping basket, do not need consent. It is not necessary to list every cookie individually, but the consent mechanism, usually a cookie banner, must actually hold back the non-essential cookies until the user has agreed; a banner that merely announces cookies already set does not comply.
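A banner on its own does not satisfy the rule: the server must not emit the non-essential cookies until consent has actually been recorded. As an added example of enforcing that server-side (this is not code from the original article), the Python below assumes a hypothetical "consent" cookie that stores the agreed purposes as a comma-separated list, and an assumed cookie inventory split into essential and non-essential; it emits Set-Cookie headers only for cookies that are essential or consented to, and gives them the Secure, SameSite and HttpOnly attributes a security reviewer would expect, which goes a little beyond the consent point itself.

```python
"""Server-side cookie consent gate: essential cookies are always allowed,
non-essential cookies are only set once the visitor's consent cookie
records the matching purpose. Standard library only."""
from http.cookies import SimpleCookie

# Assumed cookie inventory for this example (not from the original article).
ESSENTIAL = {"session", "basket", "consent"}            # no consent required
NON_ESSENTIAL = {"analytics_id": "analytics",           # cookie name -> purpose
                 "ad_id": "advertising"}


def consented_purposes(cookie_header):
    """Read the visitor's Cookie request header and return the set of
    purposes they have agreed to. Assumed layout: a 'consent' cookie whose
    value is a comma-separated list such as 'analytics,advertising'."""
    jar = SimpleCookie()
    jar.load(cookie_header or "")
    if "consent" not in jar:
        return set()
    return {p.strip() for p in jar["consent"].value.split(",") if p.strip()}


def permitted(name, purposes):
    """Is the application allowed to set cookie `name` for this visitor?"""
    if name in ESSENTIAL:
        return True
    return NON_ESSENTIAL.get(name) in purposes   # unknown cookies are refused


def set_cookie_headers(cookie_header, wanted):
    """`wanted` maps the cookies the application would like to set to their
    values. Returns the Set-Cookie header values that may actually be sent,
    each with Secure, SameSite=Lax and Path attributes; essential cookies
    (the session token and friends) are also HttpOnly so page scripts
    cannot read them."""
    purposes = consented_purposes(cookie_header)
    headers = []
    for name, value in wanted.items():
        if not permitted(name, purposes):
            continue                       # dropped: no consent for its purpose
        jar = SimpleCookie()
        jar[name] = value
        morsel = jar[name]
        morsel["path"] = "/"
        morsel["secure"] = True            # never sent over plain http://
        morsel["samesite"] = "Lax"
        morsel["httponly"] = name in ESSENTIAL
        headers.append(morsel.OutputString())
    return headers


if __name__ == "__main__":
    WANTED = {"session": "s3cr3t", "analytics_id": "a-42", "ad_id": "ad-7"}
    # Constructed request headers: a first visit with no consent, then a
    # return visit after the visitor accepted analytics only.
    for cookie_header in ("", "consent=analytics; session=s3cr3t"):
        print(f"Cookie: {cookie_header!r}")
        for h in set_cookie_headers(cookie_header, WANTED):
            print("  Set-Cookie:", h)
```

On the first visit only the session cookie is sent; after consent to "analytics" the analytics cookie is added but the advertising cookie is still withheld. The same gate should sit in front of any third-party script tag that would set its own cookies client-side.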
Like the other policies mentioned above, you should place your privacy notice in the footer of your website. For further information, read our blog article, "Are you inadvertently abusing your customers' data?", where we go into more detail on what to include in your privacy notice.
Do you need help with writing your privacy notice? Contact our partners, The GDPR Compliance Consultancy, for support.
SSL Certificates
If your website collects data from your customers, it must be served over HTTPS. Strictly speaking, no UK law names HTTPS, but the UK GDPR requires "appropriate technical and organisational measures" to protect personal data, and sending form submissions, logins or payment details over plain HTTP would not meet that bar. HTTPS is enabled by installing a certificate and turning on TLS (Transport Layer Security, the successor to the now-deprecated SSL, although the certificates are still commonly called "SSL certificates"). TLS encrypts the data flowing between the browser and your server so that anyone on the network path cannot read or tamper with it, and the certificate lets the browser confirm it is talking to your domain rather than an impostor. When it is set up correctly, your web address begins with https:// rather than http://; some browsers still show a padlock icon in the address bar, while others simply omit the "Not secure" warning they display for plain http:// pages. Two practical points: plain http:// requests should redirect permanently to https://, otherwise a visitor's first request still travels unencrypted; and certificates expire, so renewal needs to be automated or at least calendared. Bear in mind that TLS protects data in transit only; data stored on your server still needs its own protection to satisfy the GDPR.
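Installing the certificate is the start; a practitioner then checks that it actually verifies, that obsolete protocol versions are refused, that http:// requests are redirected, and that the site sends HTTP Strict Transport Security (HSTS) so browsers stop trying http:// at all (HSTS is beyond what the article itself mentions). As an added example, not code from the original article, this Python script runs those checks against a host name given on the command line using only the standard library; the certificate and header analysis is kept in pure functions so it can be exercised offline on constructed inputs, and the one-year HSTS minimum is an assumed policy choice.

```python
"""Check a public website's HTTPS posture: certificate validity, TLS
version, HTTP-to-HTTPS redirect and HSTS. Standard library only."""
import socket
import ssl
import sys
from datetime import datetime, timezone
from http.client import HTTPConnection, HTTPSConnection

MIN_TLS = ssl.TLSVersion.TLSv1_2   # TLS 1.0 and 1.1 are deprecated
MIN_HSTS_AGE = 31536000            # assumed policy: at least one year


def expiry_days(cert, now=None):
    """Days until the certificate in `cert` (the dict returned by
    SSLSocket.getpeercert()) expires, relative to `now` in epoch seconds
    (defaults to the current time). Negative means already expired."""
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if now is None:
        now = datetime.now(timezone.utc).timestamp()
    return (not_after - now) / 86400


def parse_hsts(value):
    """Split a Strict-Transport-Security header value into a directive dict
    with lower-cased names; valueless directives map to ''."""
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name:
            directives[name.lower()] = val.strip().strip('"')
    return directives


def hsts_ok(headers, min_age=MIN_HSTS_AGE):
    """Judge the HSTS header in `headers` (dict keyed by lower-case header
    names). Returns (ok, reason)."""
    value = headers.get("strict-transport-security")
    if value is None:
        return False, "no Strict-Transport-Security header"
    directives = parse_hsts(value)
    try:
        max_age = int(directives.get("max-age", ""))
    except ValueError:
        return False, "max-age missing or not an integer"
    if max_age < min_age:
        return False, f"max-age {max_age} is below {min_age}"
    return True, "ok"


def redirects_to_https(status, headers, host):
    """True if a plain-HTTP response is a permanent redirect to https://host
    (and not to a look-alike such as https://host.evil.example)."""
    location = headers.get("location", "").lower()
    target = f"https://{host.lower()}"
    return status in (301, 308) and (location == target
                                     or location.startswith(target + "/"))


def check(host):
    """Run the live checks against `host` and print the findings."""
    ctx = ssl.create_default_context()   # verifies chain, expiry and hostname
    ctx.minimum_version = MIN_TLS        # handshake fails on older versions
    with socket.create_connection((host, 443), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            print(f"{host}: {tls.version()}, certificate expires in "
                  f"{expiry_days(tls.getpeercert()):.0f} days")

    http = HTTPConnection(host, 80, timeout=10)
    http.request("GET", "/")
    resp = http.getresponse()
    headers = {k.lower(): v for k, v in resp.getheaders()}
    print("http:// redirects to https://:",
          redirects_to_https(resp.status, headers, host))

    https = HTTPSConnection(host, 443, context=ctx, timeout=10)
    https.request("GET", "/")
    headers = {k.lower(): v for k, v in https.getresponse().getheaders()}
    print("HSTS:", hsts_ok(headers))


if __name__ == "__main__":
    check(sys.argv[1] if len(sys.argv) > 1 else "example.com")
```

Run it as `python check_https.py www.example.co.uk`. If the certificate has expired or does not match the host name, `wrap_socket` raises `ssl.SSLCertVerificationError` before anything else is printed, which is exactly the failure a visitor's browser would show as a warning page.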