If you run an eCommerce store that sells products or services, there are several laws and regulations you need to comply with.
A key piece of legislation is the Electronic Commerce Regulations but, as we'll see, others apply too.
It's important to note from the outset that this article isn't offering legal advice and is by no means comprehensive. There may well be industry-specific regulations which you also need to know.
So without further ado, let's take a look at some of the need-to-knows.
Essential info for your website
When you set up an online store, there are certain pieces of information that you're legally obliged to provide to the customer. For your business to be clearly identifiable from the get-go, the relevant information has to be easily accessible and prominently displayed on your page.
The Companies Act 2006 sets out the following as essential pieces of info you have to disclose on your website:
This last point brings us to an important bit of guidance concerning prices. Your website must display prices clearly – that means making plain whether the price includes VAT or delivery costs. This is to ensure customers aren't misled, which is a surefire way to lose their custom.
Privacy policy
Alongside this descriptive information, you're legally required to display a privacy policy. This exists to ensure your company is in line with the Data Protection Act 2018, which implemented GDPR (the EU regulation on data protection) in the UK. Breaches of this act can result in a fine from the Information Commissioner's Office (ICO).
The DPA applies to all companies who handle personal data, from sole traders to SMEs, from microenterprises to big tech – and it applies to your online store.
Any personal data that you hold – from email addresses to payment card information – must be processed "fairly, lawfully and transparently" for a declared purpose. Data must be accurate, secure and deleted when no longer needed. Moreover, your customers have the right to access, update, erase and restrict the processing of their data.
Your privacy policy must be compliant with the DPA and make plain to the customer how your company collects and uses their personal data. It must include:
This policy should be easy to find and easy to read. You might place it either at the bottom of the webpage or as a pop-up on entering the site.
If you're using cookies to track user behaviour, this must be made plain in your privacy policy. Visitors need to be able to access information on why you're using cookies, what types of cookies you're using and any third parties who have access to the data.
You also have to take steps to ensure that the data you do collect is safe from hackers. This means things like using an SSL certificate, updating antivirus software and having a plan in place in the event of a data breach.
Finally, as a bare legal minimum, your website needs a returns policy. This should include useful information on the terms and conditions of returning an item.
Accessibility
The Equality Act 2010 states that your website must be accessible to people with disabilities. You must make what are known as "reasonable adjustments" to ensure accessibility. You can read up on this area of government guidance here.
Communicating with the customer
You've probably spent a good deal of time working on the tone and content of your emails to customers. Perhaps you've set up a mailing list to go alongside confirmation emails. Don't let that hard work go to waste – those emails are intrinsic to your commercial strategy, and there are laws governing their content.
First, an email must be clearly identifiable as having come from your business. Any ambiguity is frowned upon.
If you're sending out details of a promotion or competition then the terms and conditions must be spelt out plainly and accessibly. Any hidden Ts and Cs could land you in trouble with the regulator, as well as the consumer.
Who you send emails to is as significant as what they contain. The Privacy and Electronic Communications Regulations 2003 (PECR) lay down the law about marketing emails.
Essentially, you're only allowed to email an individual if that person has opted in to receive it. The days of automatic opt-ins are fading fast, and with that comes a need to incentivise customers to sign up to your mailing list. This will allow you to build customer relationships without spamming anybody.
Making a sale
When somebody buys a product or service from you, they're signing a contract – and the contract they're entering into has to be clear and detailed. This means clear delivery options and costs, accurate descriptions of the item(s) being sold, and, if applicable, the right to cancel.
Once the sale has been made, you must send an order confirmation and receipt immediately and make delivery within 30 days unless otherwise agreed.
So there you have it – some of the laws and regulations you need to keep in mind when running an eCommerce store.
Are you looking to partner up with a fulfilment centre? Here at Stowsafe, we take care of logistics, allowing you to focus on the things that really matter. For more on what we offer, take a look at our eCommerce fulfilment services.