ECommerce Website Legal Requirements
One quarter of small and medium eCommerce businesses were in breach of eCommerce website legal requirements to trade online. Regardless of whether your business is trading millions, thousands or nothing at all, your website needs to adhere to certain requirements. Understanding these issues before you start selling online will help you plan wisely and save you time, energy and money.
All businesses must show the following pieces of information on their eCommerce website in clear text:
- The company’s register ID
- The company’s verified address
- The location where the company is registered
- Display ‘Limited’ or ‘Ltd’ after the company name if the company is limited.
All emails, letters, forms, receipts, services and websites related to the company must include this information. Normally the information is displayed in the footer of the website.
All website developers should focus as much as possible on accessibility, ensuring that even disabled people can navigate around their website. The W3C (World Wide Web Consortium) has created requirements to make sure websites can follow best practices. The specifications are split into 3 checkpoints, each with its own list of specifications. According to the official documents, they are:
- Priority 1: A Web content developer must satisfy this checkpoint. Otherwise, one or more groups will find it impossible to access information in the document. Satisfying this checkpoint is a basic requirement for some groups to be able to use Web documents.
- Priority 2: A Web content developer should satisfy this checkpoint. Otherwise, one or more groups will find it difficult to access information in the document. Satisfying this checkpoint will remove significant barriers to accessing Web documents.
- Priority 3: A Web content developer may address this checkpoint. Otherwise, one or more groups will find it somewhat difficult to access information in the document. Satisfying this checkpoint will improve access to Web documents.
You can read full details about each of these checkpoints at https://www.w3.org/TR/WCAG10/full-checklist.html. Nowadays websites only need to satisfy the first 2 checkpoints in order to be verified as accessible to people with disabilities.
According to the newest General Data Protection Regulation framework, all companies and businesses must inform officials whenever they start to collect information. In addition, all of the information must be:
- legal and secure
- used for a specifically declared intention
- used for useful and relevant purposes
- accurate and correct
- removed when no longer necessary
For a transaction to be carried out successfully on your website, the following information must be provided:
- Descriptions of products and services, both physical and digital, including assurances.
- A way to calculate subtotal prices of all products and services on your website.
- Payment methods.
- Additional costs like shipping services and taxes.
- A refund policy if the state of the product isn’t as good as advertised, or a cancellation form in case the product does not arrive in less than 2 weeks.
- The company’s information regarding business contact and website compatibility.
If one of these regulations is not met, the company’s cancellation rights can be extended up to a year.
The Payment Card Industry Data Security Standard (PCI DSS) was established to help combat fraud for businesses that accept credit cards as payment. PCI DSS makes sure that all the data in the payment process is completely secure and under control. The key specifications are:
- All data must be protected by a firewall.
- Avoid default passwords and parameters.
- The information must be encrypted during transmission.
- Have third-party antivirus or internet security software at the ready.
- Access restrictions for specific individuals.
- Every user must have their own unique ID.
- Cardholder must not have physical access.
- Network and website administration are required.
- Conduct security tests frequently, along with having multiple security policies.