E-Commerce Compliance Checklist

Trending topics

6 min

Stuart Cooke
May 18, 2023

Ensuring Your Online Store Meets Regulatory Standards

While many of the same legal considerations apply to online retailers as they do to their brick-and-mortar counterparts, there are some unique aspects of conducting business online, also referred to as e-commerce, that must be taken into account. Standards for online payment security, website policy, accessibility, and other considerations are included. So it is essential that you make sure your e-commerce site complies with all applicable laws before you open for business online and begin accepting orders. Policies must be established, online payment security standards met, data privacy regulations adhered to, and much more.

The E-Commerce Compliance Checklist below contains some of the most important pieces of business legislation your e-commerce business should be aware of in order to trade online without breaking any rules.

#1: Rules Governing Online Transactions 

In order to comply with these rules, you must prominently display certain data on your website if you conduct online business.

     
  • Your company's official name (and alternate names, if any)
  •  
  • Where you are located (and where you're officially listed if it's different)
  •  
  • Email address for communication
  •  
  • Number of registration for a business
  •  
  • Membership in a Trade or Professional Organisation
  •  
  • If applicable, you should include your VAT number

For ease of reference, you should include this data in the footer of your website.

#2: Terms and Conditions / T’s & C's 

An online contract with terms and conditions might help limit your legal risk as an online shop and should be tailored towards your own specific needs for example, business-to-consumer (B2C) or business-to-business (B2B) terminology, whichever suits your marketing requirements. 

#3: Online Selling Rules 

If you want to sell to consumers online, you'll need to take some extra measures. The statutory rights of a consumer (consumer refers to “an individual acting for purposes wholly or mainly outside of a business”) cannot be diminished or eliminated. This encompasses everything that comes before the sale:

     
  • Customers are aware that payment is required before placing an order
  •  
  • Provide transparent pricing and delivery information
  •  
  • Providing a detailed explanation of what it is you sell 
  •  
  • Customer's cancellation rights are being communicated. Up to 14 days (for items, beginning on the date of delivery; for services, beginning on the date of contract signing)
  •  
  • Certain items, such as those that are made to order or expire quickly, do not fall under the cancellation policy

What follows the sale includes: 

     
  • Emailing a confirmation of your order serves to reaffirm the terms of the contract, including your cancellation rights
  •  
  • The items will be delivered within 30 days, barring any special arrangements 
#4: Accessibility 

You have a legal obligation to take all necessary measures to make your website accessible to people with disabilities. To make sure that websites are accessible to people with different abilities, the international community has adopted the Web Content Accessibility Guidelines. Make sure your e-commerce website is built with accessibility in mind if you've decided to set it up on your own rather than using a web design agency or professional. 

#5: Data Security 

General Data Protection Regulations (GDPR) apply to any company that processes personal data, so if a user registers for an account on your site, makes a purchase, or signs up for your marketing emails, you need to make sure you're doing so legally and ethically. If you own an online store, having a GDPR app to ensure compliance and the data security of your customers is a must.

#6: Privacy and Electronic Regulations (PECR)

It's important to observe all applicable laws and regulations if communicating with potential customers over the phone or via email. The General Data Protection Regulation (GDPR) isn't the only law that protects individuals' privacy online; the Privacy and Electronic Regulations (PECR) do the same for email marketing and cookies. Both business-to-business and business-to-consumer marketing are covered by the rules. The ICO gives companies a high-level introduction to PECR.  

#7: Conditions of Use 

Your website's terms of use include the conditions that the user agrees to when using your website, whether they are simply browsing, creating an account, or completing a purchase. It lays out the fundamental expectations for your service's users. In the end, they serve to safeguard your intellectual property by providing details such as the extent to which your work may be used.  

#8: Privacy Policy

Processing consumer data is essential to any online store, regardless of the products being sold. Your company may gather sensitive information from its customers during the account creation process or during a transaction, such as an email address or payment information.  You will be in violation of GDPR and vulnerable to penalties and legal action from data subjects if you do not have a privacy policy in place. A company's privacy policy should explain in detail how the company will handle the personal data of its consumers. Tell your consumers why you're collecting their information, how you plan to use it, and what precautions you'll take to keep it secure. A privacy policy should include:

     
  • Give specifics about the information you plan to share and with whom
  •  
  • Give your clients the option to opt-in or not
  •  
  • Let consumers know their rights
  •  
  • Specify how long you keep their information

The terms of your privacy policy should be readily accessible. It's standard for websites to include a link to it in their footers. A website's privacy policy may be disclosed through a pop-up window, which states that your continued use of the site constitutes acceptance of the policy's terms.  

#9: Cookie Policy

Include a section on cookies in your privacy policy if you use them on your website (for instance, to track user behavior for analytics or marketing purposes). Include details about how cookie data is being used by any third parties. If you don't have a cookie policy, you're breaking UK GDPR and could face penalties from the Information Commissioner's Office (ICO) and potential legal action from data subjects. 

#10: Return and refund policy 

The ability to issue refunds and accept returns is crucial for every online retailer. Occasionally, you may have a customer who asks for a refund because they received a defective product, a damaged product, poor service, or a product that just isn't right for them. As a result, having a solid return and refund policy will safeguard your company and help you better manage your customers' expectations. Policymakers would do well to keep in mind consumers' legal protections while formulating their plans. 

If you follow each of these ten steps your ecommerce website will be well on its way to online business compliance.

About the author

Stuart Cooke is the Marketing Manager at Irish Parcels a courier comparison service that helps e-commerce businesses find the best shipping solutions for their products.

About the Author

Stuart Cooke

Stay informed

Sign up for our newsletter to get the latest updates, thoughts, and ideas from Consentmo.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Is your site compliant?

Your Guide to Launching a Successful Shopify Business

Discover the essentials of launching a thriving Shopify business in our new e-book

Download