Website compliance checklist

765 views

Published on

Regulations governing online retailing are ever changing. As technology and consumer needs evolve, new risks emerge and legislation has to keep pace. That's why it is crucial to stay on top of the latest developments and know the implications for your digital channels. This checklist, prepared by Wragge & Co's experts, will help you to do just that.

Published in: Business
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
765
On SlideShare
0
From Embeds
0
Number of Embeds
6
Actions
Shares
0
Downloads
16
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Website compliance checklist

  1. 1. surfers beware Steer clear of website compliance risk with our essential checklist [more] protectionwebsite compliance checklist
  2. 2. REgUlATIOnS gOvERnIng OnlInE RETAIlIng ARE EvERChAngIng. AS TEChnOlOgy AnD COnSUMER nEEDS EvOlvE,nEW RISKS EMERgE AnD lEgISlATIOn hAS TO KEEP PACE. ThAT’SWhy IT IS CRUCIAl TO STAy On TOP OF ThE lATEST DEvElOPMEnTSAnD KnOW ThE IMPlICATIOnS FOR yOUR DIgITAl ChAnnElS.websitereGulatorYcomplianceIt can be easy to overlook compliance once a website is up and running, but the impact of gettingit wrong is severe. As well as hefty fines, for example where e-privacy rules are breached, one ofthe biggest threats is reputational damage. Where a business fails to comply, it can bring itscommitment to consumer rights into question.Keeping on top of e-commerce legislation is a constant challenge. Developments this year aloneinclude an extension of the Advertising Standards Authority’s remit to cover misleading and otherproblem advertising on an organisation’s own website. The Department for Culture, Media andSport provided a response to its consultation on the revised EU Electronic CommunicationsFramework, and new guidance was issued by the Information Commissioners Office on the useof cookies for storing data.With these and many other legislative issues to consider, it is imperative to take stock of yourwebsite compliance and quickly identify potential risk areas.What are your compliance risk areas?Wragge & Co’s Retail team is on hand to help with a new tool to help steer businesses throughthe regulatory maze of website compliance. Whether you are involved in business-to-business orbusiness-to-consumer transactions, this practical guide includes a checklist to ensure your websiteis in good shape.Covering everything from information provided during an online transaction, to third party websitecontent, IP and data protection issues, it’s an essential risk management tool. See our FAQs tounderstand how it can add value to your business and help avoid any costly compliance breaches.Acting on the issuesDoes more than one area flag up a potential issue? Our experts are able to work through thischecklist with you to identify any potential gaps in compliance and areas for improvement.With first-rate technical skills, commercial insight and extensive sector expertise, they are able toadvise on compliance with the latest e-commerce legislation. For guidance or to obtain a full riskassessment report on your website, please contact one of our specialists.
  3. 3. FREQUEnTly ASKED QUESTIOnSWhat areas of regulation govern online retailing? What action is needed to ensure compliance?Online retailing is heavily regulated and legislation is evolving all the The first priority is to understand the laws and regulations affectingtime. With no single regulatory body governing the area, it can be commercial websites. This provides the focus needed to work outdifficult to stay on top of requirements. Broadly speaking, the rules where the business stands on website compliance issues and ifcover: sale of goods; e-commerce; data protection; and advertising there are areas for improvement.and marketing law. How will the checklist help me?What issues do these raise for commercial websites? Taking businesses through the key issues to consider, the checklistThe issues can be wide-ranging. Commercial websites provide a provides an essential health check for any commercial website. It is‘shop window’ for businesses and are required to provide the same designed to give a business confidence in where its website isprotection to consumer rights as is expected in-store. This means meeting current legislation and identify any gaps to be addressed.giving greater transparency about the business, what it is selling,for how much, what the customer can expect, and so on. What action needs to be taken? The actions for each business will differ. For some there may be fewCommon pitfalls include failing to ensure customers’ personal data issues to deal with, while others may need more of a comprehensiveis protected, non-compliance with the standard basis of forming a strategy to ensure compliance. Either way, using the checklist providescontract, and breaching consumer protection regulations. The use the necessary information to devise an action plan and focus effort inof social media also brings specific compliance challenges. Retailers the right places.using Facebook, Twitter and youTube etc will want to manage theserisks carefully and avoid any potential PR errors. Where Wragge & Co’s Retail team can add value is to help clients understand the key priorities for their businesses. The riskWhat are the risks? assessment report they provide, based on the checklist, identifiesWhile many of the regulations themselves are not new, the areas of compliance and non-compliance which can be easilyconsequences of non-compliance are. For example, changes to the communicated within a business.Privacy and Electronic Communications Regulations in May 2011introduced new powers of enforcement for the Information How often should website compliance be reviewed?Commissioner. Where a ‘serious contravention’ of the regulations is Reviewing website compliance should be a key feature of anyfound, the Information Commissioner can now issue fines of up to annual review. Wherever a major change occurs within the£500,000 to the organisation or person in breach. business, such as its products/services, ways of operating, types of transactions and back-office systems, a re-assessment is needed.As well as fines and enforcement action, one of the biggest effectsof non-compliance is reputational damage. Building and maintaining Over time the checklist itself will also evolve in line with newa loyal customer base is a challenge all businesses share. Any good regulatory developments.work can be quickly undone through a single compliance error.
  4. 4. website compliance The checklist provides a number of points commercial organisations should consider to manage risk andchecklist ensure website compliance. Categorised by issue, the questions are marked with a tick to show whether they are relevant to business-to-business or business-to- consumer transactions, or both. Each organisation will have its own unique risks, and the points set out here will not necessarily deal with each and every issue which an organisation may face. COMPAny InFORMATIOn BUSInESS-TO- BUSInESS-TO- Are the following pieces of company information included on the website? BUSInESS COnSUMER Company name UK trading and geographic address E-mail address Telephone number vAT number Company registered number Does the website contain details of any trade organisations to which the company belongs, together with registration details? Does the website contain details of relevant professional body or codes of conduct or authorisation schemes adhered to? BUSInESS-TO- BUSInESS-TO- COnTRACT FORMATIOn BUSInESS COnSUMER Does the website contain a statement as to whether a copy of the contract will be kept and made accessible to the customer? Does the website contain instructions on how to correct errors before an order is placed? Does the website provide confirmation of which languages the contract can be concluded in? Does the website provide confirmation of the steps required to form and conclude the contract? Does the supplier acknowledge receipt of the order by electronic means? Does the website make information available in a form that can be kept by the customer (e.g. can it be printed)?
  5. 5. The checklist provides a number of points commercial organisations should consider to manage risk and ensure website compliance. Categorised by issue, the questions are marked with a tick to show whether they are relevant to business-to-business or business-to- consumer transactions, or both. Each organisation will have its own unique risks, and the points set out here will not necessarily deal with each and every issue which an organisation may face.TRAnSACTIOn InFORMATIOn BUSInESS-TO- BUSInESS-TO- BUSInESS COnSUMERDoes the website provide a clear description of the goods and/or services which can be ordered?Does the website clearly state the price for the goods and/or services, including vATand delivery charges?Does the website clearly state the arrangements for payment, delivery and performanceof the contract?note: Performance must be within 30 days, beginning the day after the customer has sent their order, unless otherwise agreedwith the customer.Does the website provide the customer with a right of cancellation?Does the website clearly state the cost of using distance communication(where calculated other than at the basic rate)?Does the website clearly state the period of time for which an offer/price for the goods and/orservices is available?note: State any time limits that apply to the ‘offer/price’ or any limitation due to availability of stock.Do not give misleading information.Does the website clearly state the minimum duration of the contract?note: This is applicable where supply of goods and/or services will be permanent or recurring.Does the website notify the customer if the company is reserving a right to supply substitute(equivalent) goods and/or services?Does the website notify the customer if the company will meet the cost of returns in the eventthat the customer wishes to return substitute (equivalent) goods and/or services? BUSInESS-TO- BUSInESS-TO-InTEllECTUAl PROPERTy RIghTS BUSInESS COnSUMERDoes the website contain a copyright notice prominently displayed for each copyright work andfor the website in general?Does the website contain a copyright policy stating restrictions on the use and copying ofcopyright work?Does the website make use of any third party trade marks, images or other third party content?note: If so, check you have the right to use those materials.
  6. 6. The checklist provides a number of points commercial organisations should consider to manage risk and ensure website compliance. Categorised by issue, the questions are marked with a tick to show whether they are relevant to business-to-business or business-to- consumer transactions, or both. Each organisation will have its own unique risks, and the points set out here will not necessarily deal with each and every issue which an organisation may face. BUSInESS-TO- BUSInESS-TO-ADDITIOnAl InFORMATIOn (MAy BE POST COnTRACT) BUSInESS COnSUMERDoes the website provide written confirmation of how the customer may exercise theircancellation rights, including the effect on goods and/or services?Does the website provide details of whether the supplier or customer would be responsiblefor the return (and cost of return) of cancelled goods?Does the website provide details of any after-sales services and guarantees offered?Where the term of the contract is for more than one year or an unspecified duration, does thewebsite clearly state the conditions for exercising any contractual right to cancel the contract? BUSInESS-TO- BUSInESS-TO-lInKS TO ThIRD PARTy WEBSITES BUSInESS COnSUMERDoes the website contain links to third party websites?note: Third party links:• should be to appropriate websites; and• should not be constrained within the website, disguising the origin of the content.Does the website contain a statement that third party website content is not under the controlor the responsibility of the company?Does the website contain a notice setting out the parameters for third party links and emailaddresses for enquiries? BUSInESS-TO- BUSInESS-TO-RIghT OF CAnCEllATIOn BUSInESS COnSUMERDoes the website specify the information set out in the section on ‘Additional information (maybe post-contract)’?note: If not, the cancellation rights outlined below are extended.Does the website allow the customer to cancel an order within seven working days ofreceiving the goods purchased?note: The cancellation period ends on the expiry of the period of seven working days, beginning with the day after the dayon which the consumer receives the goods.Does the website allow the customer to cancel services within seven working days of thecontract being concluded (unless services have already begun with the customer’s consent)?note: The cancellation period ends on the expiry of the period of seven working days beginning with the day after the dayon which the consumer receives the goods.
  7. 7. The checklist provides a number of points commercial organisations should consider to manage risk and ensure website compliance. Categorised by issue, the questions are marked with a tick to show whether they are relevant to business-to-business or business-to- consumer transactions, or both. Each organisation will have its own unique risks, and the points set out here will not necessarily deal with each and every issue which an organisation may face.DATA PROTECTIOn BUSInESS-TO- BUSInESS-TO-Where personal data is collected (e.g. name, address, e-mail address, credit card details, etc): BUSInESS COnSUMERIs the website sufficiently secure to keep personal data safe and confidential?Does the website contain a privacy policy confirming:• the identity of the data controller?• what personal data is collected from users?• what personal data is used for?• to whom personal data is disclosed?Does the website state the customer’s right to access his/her personal data and specify theprocess for rectifying any errors?Does the company obtain consent from the customer for direct marketing?Does the company give the customer the opportunity to object to direct marketing?note: When selling goods and/or services, if the company obtains the name and e-mail address of a customer, it can onlyuse those details for direct marketing of similar goods and/or services. In addition the customer must be given theopportunity to object.Does the company obtain specific consent from the customer?note: The company must not use the above details to send unsolicited e-mails marketing non-similar goods and/orservices, unless specific consent from the customer has been obtained.Is the company registered with the Information Commissioner’s Office?Does the website contain a statement as to whether any personal data may be transferredoutside of the European Economic Area? If so, what protections are in place? BUSInESS-TO- BUSInESS-TO-InCORPORATIOn OF TERMS AnD COnDITIOnS BUSInESS COnSUMERDoes the website make it clear that orders must be accepted by the company before thecontract is formed?Does the website bring the terms and conditions to the customer’s attention before a contractis formed?
  8. 8. The checklist provides a number of points commercial organisations should consider to manage risk and ensure website compliance. Categorised by issue, the questions are marked with a tick to show whether they are relevant to business-to-business or business-to- consumer transactions, or both. Each organisation will have its own unique risks, and the points set out here will not necessarily deal with each and every issue which an organisation may face. BUSInESS-TO- BUSInESS-TO-COOKIES BUSInESS COnSUMERDoes the company obtain the customers’ consent for use of cookies?Does the website contain a statement that cookies are being used and explain the purpose forwhich they are being used?Does the website inform the customer of their right to withdraw consent at any time? BUSInESS-TO- BUSInESS-TO-USER gEnERATED COnTEnT BUSInESS COnSUMERDoes the website allow customers or users to generate their own content (e.g. customercomments, feedback and reviews)?If so, does the website contain separate terms and conditions relating to the provision anduse of such user-generated content (e.g. to ensure it is not illegal or offensive)?AWAREnESS OF COnSUMER PROTECTIOn BUSInESS-TO- BUSInESS-TO-AnD ADvERTISIng REgUlATIOn BUSInESS COnSUMERDoes the website contain any terms which may be subject to challenge under consumerlegislation?Does the website contain a statement that English law is the governing law of the contract?Does the website contain a statement that English courts shall have jurisdiction to resolve anydisputes that arise?Does the website contain information relating to goods and/or services which may bemisleading or impair a customer’s ability to make an informed decision?Does the website contain any comparative advertising or make reference to otherbrands or companies?note: There are specific rules the website must comply with relating to comparative advertising.Are all marketing statements clear and complete?
  9. 9. About Wragge & Co• Wragge & Co is a UK-headquartered international law firm providing a full range of legal services to clients worldwide.• With 123 partners operating from offices in Birmingham, Brussels, guangzhou, london and Munich, plus affiliated offices in Abu Dhabi, Dubai and Paris, Wragge & Co has the resource and expertise to handle the largest instructions.• The firm provides a full service to clients worldwide, including hundreds of public sector organisations and thousands of major companies.• Wragge & Co’s Retail team offers commercial advice on issues right across the retail spectrum. As well as commercial and IT experts, the cross-firm team includes specialists in advertising and marketing, employment, intellectual property and competition matters.• Experienced in working with clients of all sizes and from a range of sectors, major names it has worked with include United Biscuits, Birds Eye and Marks & Spencer.For more information on taking stock of your website, or to discuss any of the legislativeissues raised here, please contact: sallY mewies chris hunt Partner Partner +44 (0)121 685 2700 +44 (0)870 730 2817 sally_mewies@wragge.com christopher_hunt@wragge.com richard smith GaYle mcfarlane Associate Associate +44 (0)121 629 1875 +44 (0)121 260 9844 richard_smith@wragge.com gayle_mcfarlane@wragge.com
  10. 10. t +44 (0) 870 903 1000f +44 (0) 870 904 1099mail@wragge.comwww.wragge.com

×