Every UK business website must clearly display these details:

• Your business or trading name
• Your physical address and registered address (if different)
• Contact email address
• Company registration number (if you're a limited company)
• VAT registration number (if you're VAT registered)
• Any trade association memberships

Where to put it: Standard practice is your website footer, visible on every page.

Why this matters: Visitors need to know who they're dealing with. Missing these details can result in fines or your site being suspended by hosting providers or payment processors.

Legal requirements: This is required under multiple pieces of UK legislation:

• Electronic Commerce (EC Directive) Regulations 2002 (Regulation 6) - applies to all "information society service providers" (which includes most commercial websites)
• The Company, Limited Liability Partnership and Business (Names and Trading Disclosures) Regulations 2015 - requires companies and LLPs to disclose registered information on websites
• Companies Act 2006 (sections 1200-1206) - governs disclosure requirements for sole traders and partnerships using business names
• The Provision of Services Regulations 2009 - additional disclosure obligations

Penalties: Enforcement orders, unlimited fines, and up to two years imprisonment for serious non-compliance.

Clear business information builds trust and reduces customer service queries, creating more efficient interactions.

References: Electronic Commerce (EC Directive) Regulations 2002, Companies Act 2006

If you collect any personal information (names, emails, IP addresses, analytics data), you must comply with UK GDPR.

Requirements:

• ICO Registration: You must register with the Information Commissioner's Office and pay an annual data protection fee
• Privacy Policy: Written in plain English explaining what data you collect, why, how long you keep it, and users' rights
• Lawful basis: You need a legal reason to process personal data (usually consent or legitimate interest)
• User rights: People can request to see their data, correct it, or have it deleted
• Data security: Protect personal data with appropriate security measures
• Consent for marketing: You need clear, specific consent to send marketing emails
  
  Here's a great checklist by Termageddon (the privacy and terms solution I recommend) to build out a privacy friendly website and data policy strategy.

Key user rights you must respect:

• Right to access their data
• Right to correct inaccurate data
• Right to delete their data ("right to be forgotten")
• Right to stop marketing communications

ICO Registration and Data Protection Fee: Most businesses processing personal data must register with the ICO and pay an annual fee (increased February 2025):

• Tier 1 (small): £52 per year - turnover under £632,000 OR fewer than 10 staff
• Tier 2 (medium): £78 per year - turnover under £36 million OR fewer than 250 staff
• Tier 3 (large): £3,763 per year - turnover over £36 million OR 250+ staff
• Direct debit discount: Save £5 by paying via direct debit
• Exemptions: Limited to staff administration only, some charities, and specific processing activities

Penalties for non-registration: Up to £4,000 fine plus public listing as non-compliant.

Legal framework: UK data protection is governed by:

• UK General Data Protection Regulation (UK GDPR) - the main law setting out data protection principles and individual rights
• Data Protection Act 2018 - UK legislation that supplements the UK GDPR and provides additional detail for UK-specific situations
• Data Protection (Charges and Information) Regulations 2018 - requires most organisations to register with the ICO and pay the annual data protection fee

Penalties: Up to £17.5 million or 4% of annual global turnover (whichever is higher) for serious breaches.

References: UK GDPR, Data Protection Act 2018, Data Protection (Charges and Information) Regulations 2018, ICO Guide: UK General Data Protection Regulation, ICO Data Protection Fee

UK law requires you to make "reasonable adjustments" for disabled users. This isn't just good practice—it's a legal requirement.

Minimum standard: WCAG 2.2 (Web Content Accessibility Guidelines)

What this means in practice:

• Text alternatives for images
• Keyboard navigation for all functions
• Good colour contrast (4.5:1 ratio minimum)
• Clear headings and page structure
• Captions for videos
• Forms that work with screen readers

Legal framework: Website accessibility is required under:

• Equality Act 2010 - prohibits discrimination against disabled people and requires all UK service providers (public and private) to make "reasonable adjustments" for disabled users
• Public Sector Bodies (Websites and Mobile Applications) Accessibility Regulations 2018 - specific requirements for public sector websites to meet WCAG 2.1 Level AA standards

Enforcement: The Equality and Human Rights Commission (EHRC) can take legal action against organisations with inaccessible websites. While few cases have reached court, several companies have settled out of court with accessibility organisations.

Penalties: Unlimited fines, enforcement orders, and reputational damage. The Equality Act allows for discrimination claims in courts.

Accessible websites work better for everyone, not just disabled users. They're often faster, cleaner, and more efficient. Good accessibility practices reduce technical debt and maintenance costs.

References: Equality Act 2010, Public Sector Bodies Accessibility Regulations 2018, W3C WCAG 2.2

Cookie consent: If you use non-essential cookies (analytics, marketing, social media), you need user consent.

What counts as "consent":

• Clear explanation of what cookies do
• Option to accept or reject non-essential cookies
• Easy way to change preferences later
• No pre-ticked boxes

Essential cookies: These don't need consent (basic site functionality, security cookies).

Marketing rules:

• All claims must be honest and verifiable
• No misleading or deceptive practices
• Email marketing needs explicit consent
• Clear unsubscribe options

Legal framework: Cookies and digital marketing are governed by:

• Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) - requires consent for non-essential cookies and regulates electronic marketing
• Data (Use and Access) Act 2025 - recent updates to PECR allowing some low-risk analytics cookies without consent, increased penalties to £17.5 million
• Consumer Protection from Unfair Trading Regulations 2008 - prohibits misleading marketing practices

Penalties: Up to £17.5 million or 4% of annual global turnover under reformed PECR. Enforcement action increasingly common.

Efficient cookie policies and honest marketing reduce bounce rates and build genuine user relationships. Less tracking means faster page loads.

References: Privacy and Electronic Communications Regulations 2003, Data (Use and Access) Act 2025, ICO Cookie guidance