Website compliance checklist
Steer clear of website compliance risk with our essential checklist
Surfers beware
Website regulatory compliance
Regulations governing online retailing are ever changing. As technology and consumer needs evolve,
new risks emerge and legislation has to keep pace. That’s
why it is crucial to stay on top of the latest developments
and know the implications for your digital channels.
It can be easy to overlook compliance once a website is up and running, but the impact of getting
it wrong is severe. As well as hefty fines, for example where e-privacy rules are breached, one of
the biggest threats is reputational damage. Where a business fails to comply, it can bring its
commitment to consumer rights into question.
Keeping on top of e-commerce legislation is a constant challenge. Developments this year alone
include an extension of the Advertising Standards Authority’s remit to cover misleading and other
problem advertising on an organisation’s own website. The Department for Culture, Media and
Sport provided a response to its consultation on the revised EU Electronic Communications
Framework, and new guidance was issued by the Information Commissioner's Office on the use
of cookies for storing data.
With these and many other legislative issues to consider, it is imperative to take stock of your
website compliance and quickly identify potential risk areas.
What are your compliance risk areas?
Wragge & Co’s Retail team is on hand to help with a new tool to help steer businesses through
the regulatory maze of website compliance. Whether you are involved in business-to-business or
business-to-consumer transactions, this practical guide includes a checklist to ensure your website
is in good shape.
Covering everything from information provided during an online transaction, to third party website
content, IP and data protection issues, it’s an essential risk management tool. See our FAQs to
understand how it can add value to your business and help avoid any costly compliance breaches.
Acting on the issues
Does more than one area flag up a potential issue? Our experts are able to work through this
checklist with you to identify any potential gaps in compliance and areas for improvement.
With first-rate technical skills, commercial insight and extensive sector expertise, they are able to
advise on compliance with the latest e-commerce legislation. For guidance or to obtain a full risk
assessment report on your website, please contact one of our specialists.
FREQUENTLY ASKED QUESTIONS
What areas of regulation govern online retailing?
Online retailing is heavily regulated and legislation is evolving all the
time. With no single regulatory body governing the area, it can be
difficult to stay on top of requirements. Broadly speaking, the rules
cover: sale of goods; e-commerce; data protection; and advertising
and marketing law.
What issues do these raise for commercial websites?
The issues can be wide-ranging. Commercial websites provide a
‘shop window’ for businesses and are required to provide the same
protection to consumer rights as is expected in-store. This means
giving greater transparency about the business, what it is selling,
for how much, what the customer can expect, and so on.
Common pitfalls include failing to ensure customers’ personal data
is protected, non-compliance with the standard basis of forming a
contract, and breaching consumer protection regulations. The use
of social media also brings specific compliance challenges. Retailers
using Facebook, Twitter and YouTube etc. will want to manage these
risks carefully and avoid any potential PR errors.
What are the risks?
While many of the regulations themselves are not new, the
consequences of non-compliance are. For example, changes to the
Privacy and Electronic Communications Regulations in May 2011
introduced new powers of enforcement for the Information
Commissioner. Where a ‘serious contravention’ of the regulations is
found, the Information Commissioner can now issue fines of up to
£500,000 to the organisation or person in breach.
As well as fines and enforcement action, one of the biggest effects
of non-compliance is reputational damage. Building and maintaining
a loyal customer base is a challenge all businesses share. Any good
work can be quickly undone through a single compliance error.
What action is needed to ensure compliance?
The first priority is to understand the laws and regulations affecting
commercial websites. This provides the focus needed to work out
where the business stands on website compliance issues and if
there are areas for improvement.
How will the checklist help me?
Taking businesses through the key issues to consider, the checklist
provides an essential health check for any commercial website. It is
designed to give a business confidence in where its website is
meeting current legislation and identify any gaps to be addressed.
What action needs to be taken?
The actions for each business will differ. For some there may be few
issues to deal with, while others may need more of a comprehensive
strategy to ensure compliance. Either way, using the checklist provides
the necessary information to devise an action plan and focus effort in
the right places.
Where Wragge & Co’s Retail team can add value is to help
clients understand the key priorities for their businesses. The risk
assessment report they provide, based on the checklist, identifies
areas of compliance and non-compliance which can be easily
communicated within a business.
How often should website compliance be reviewed?
Reviewing website compliance should be a key feature of any
annual review. Wherever a major change occurs within the
business, such as its products/services, ways of operating, types of
transactions and back-office systems, a re-assessment is needed.
Over time the checklist itself will also evolve in line with new
regulatory developments.
The checklist provides a number of points commercial
organisations should consider to manage risk and
ensure website compliance. Categorised by issue, the
questions are marked with a tick to show whether they
are relevant to business-to-business or business-to-
consumer transactions, or both. Each organisation will
have its own unique risks, and the points set out here
will not necessarily deal with each and every issue
which an organisation may face.
COMPANY INFORMATION
Are the following pieces of company information included on the website?
Company name
UK trading and geographic address
E-mail address
Telephone number
VAT number
Company registered number
Does the website contain details of any trade organisations to which the company belongs,
together with registration details?
Does the website contain details of relevant professional body or codes of conduct or
authorisation schemes adhered to?
BUSINESS-TO-BUSINESS
BUSINESS-TO-CONSUMER
CONTRACT FORMATION
Does the website contain a statement as to whether a copy of the contract will be kept and
made accessible to the customer?
Does the website contain instructions on how to correct errors before an order is placed?
Does the website provide confirmation of which languages the contract can be concluded in?
Does the website provide confirmation of the steps required to form and conclude the contract?
Does the supplier acknowledge receipt of the order by electronic means?
Does the website make information available in a form that can be kept by the customer
(e.g. can it be printed)?
INTELLECTUAL PROPERTY RIGHTS
Does the website contain a copyright notice prominently displayed for each copyright work and
for the website in general?
Does the website contain a copyright policy stating restrictions on the use and copying of
copyright work?
Does the website make use of any third party trade marks, images or other third party content?
Note: If so, check you have the right to use those materials.
TRANSACTION INFORMATION
Does the website provide a clear description of the goods and/or services which can be ordered?
Does the website clearly state the price for the goods and/or services, including VAT
and delivery charges?
Does the website clearly state the arrangements for payment, delivery and performance
of the contract?
Note: Performance must be within 30 days, beginning the day after the customer has sent their order, unless otherwise agreed
with the customer.
Does the website provide the customer with a right of cancellation?
Does the website clearly state the cost of using distance communication
(where calculated other than at the basic rate)?
Does the website clearly state the period of time for which an offer/price for the goods and/or
services is available?
Note: State any time limits that apply to the ‘offer/price’ or any limitation due to availability of stock.
Do not give misleading information.
Does the website clearly state the minimum duration of the contract?
Note: This is applicable where supply of goods and/or services will be permanent or recurring.
Does the website notify the customer if the company is reserving a right to supply substitute
(equivalent) goods and/or services?
Does the website notify the customer if the company will meet the cost of returns in the event
that the customer wishes to return substitute (equivalent) goods and/or services?
ADDITIONAL INFORMATION (MAY BE POST CONTRACT)
Does the website provide written confirmation of how the customer may exercise their
cancellation rights, including the effect on goods and/or services?
Does the website provide details of whether the supplier or customer would be responsible
for the return (and cost of return) of cancelled goods?
Does the website provide details of any after-sales services and guarantees offered?
Where the term of the contract is for more than one year or an unspecified duration, does the
website clearly state the conditions for exercising any contractual right to cancel the contract?
RIGHT OF CANCELLATION
Does the website specify the information set out in the section on ‘Additional information (may
be post-contract)’?
Note: If not, the cancellation rights outlined below are extended.
Does the website allow the customer to cancel an order within seven working days of
receiving the goods purchased?
Note: The cancellation period ends on the expiry of the period of seven working days, beginning with the day after the day
on which the consumer receives the goods.
Does the website allow the customer to cancel services within seven working days of the
contract being concluded (unless services have already begun with the customer’s consent)?
Note: The cancellation period ends on the expiry of the period of seven working days beginning with the day after the day
on which the consumer receives the goods.
LINKS TO THIRD PARTY WEBSITES
Does the website contain links to third party websites?
Note: Third party links:
• should be to appropriate websites; and
• should not be constrained within the website, disguising the origin of the content.
Does the website contain a statement that third party website content is not under the control
or the responsibility of the company?
Does the website contain a notice setting out the parameters for third party links and email
addresses for enquiries?
DATA PROTECTION
Where personal data is collected (e.g. name, address, e-mail address, credit card details, etc):
Is the website sufficiently secure to keep personal data safe and confidential?
Does the website contain a privacy policy confirming:
• the identity of the data controller?
• what personal data is collected from users?
• what personal data is used for?
• to whom personal data is disclosed?
Does the website state the customer’s right to access his/her personal data and specify the
process for rectifying any errors?
Does the company obtain consent from the customer for direct marketing?
Does the company give the customer the opportunity to object to direct marketing?
Note: When selling goods and/or services, if the company obtains the name and e-mail address of a customer, it can only
use those details for direct marketing of similar goods and/or services. In addition the customer must be given the
opportunity to object.
Does the company obtain specific consent from the customer?
Note: The company must not use the above details to send unsolicited e-mails marketing non-similar goods and/or
services, unless specific consent from the customer has been obtained.
Is the company registered with the Information Commissioner’s Office?
Does the website contain a statement as to whether any personal data may be transferred
outside of the European Economic Area? If so, what protections are in place?
INCORPORATION OF TERMS AND CONDITIONS
Does the website make it clear that orders must be accepted by the company before the
contract is formed?
Does the website bring the terms and conditions to the customer’s attention before a contract
is formed?
COOKIES
Does the company obtain the customers’ consent for use of cookies?
Does the website contain a statement that cookies are being used and explain the purpose for
which they are being used?
Does the website inform the customer of their right to withdraw consent at any time?
AWARENESS OF CONSUMER PROTECTION AND ADVERTISING REGULATION
Does the website contain any terms which may be subject to challenge under consumer
legislation?
Does the website contain a statement that English law is the governing law of the contract?
Does the website contain a statement that English courts shall have jurisdiction to resolve any
disputes that arise?
Does the website contain information relating to goods and/or services which may be
misleading or impair a customer’s ability to make an informed decision?
Does the website contain any comparative advertising or make reference to other
brands or companies?
Note: There are specific rules the website must comply with relating to comparative advertising.
Are all marketing statements clear and complete?
USER GENERATED CONTENT
Does the website allow customers or users to generate their own content (e.g. customer
comments, feedback and reviews)?
If so, does the website contain separate terms and conditions relating to the provision and
use of such user-generated content (e.g. to ensure it is not illegal or offensive)?
For more information on taking stock of your website, or to discuss any of the legislative
issues raised here, please contact:
Chris Hunt, Partner
+44 (0)870 730 [email protected]
Sally Mewies, Partner
+44 (0)121 685 [email protected]
Gayle McFarlane, Associate
+44 (0)121 260 [email protected]
Richard Smith, Associate
+44 (0)121 629 [email protected]
About Wragge & Co
• Wragge & Co is a UK-headquartered international law firm providing a full range of legal
services to clients worldwide.
• With 123 partners operating from offices in Birmingham, Brussels, Guangzhou, London and
Munich, plus affiliated offices in Abu Dhabi, Dubai and Paris, Wragge & Co has the resource
and expertise to handle the largest instructions.
• The firm provides a full service to clients worldwide, including hundreds of public sector
organisations and thousands of major companies.
• Wragge & Co’s Retail team offers commercial advice on issues right across the retail
spectrum. As well as commercial and IT experts, the cross-firm team includes specialists in
advertising and marketing, employment, intellectual property and competition matters.
• Experienced in working with clients of all sizes and from a range of sectors, major names it
has worked with include United Biscuits, Birds Eye and Marks & Spencer.