Guide

Create an online shop

The law and selling online

If you are selling online, there are a number of pieces of legislation you need to be familiar with. These are designed to ensure customers' personal data is kept secure, goods and services meet quality and suitability standards and online contracts are legally binding.

The Data Protection Act 2018 regulates how you use and protect personal information held about living people, e.g. in customer records. The Act affects information that you hold on computer as well as any paper-based records. To comply, you must follow the entirety of the Act and, in particular, the following six data protection principles. These require that:

  • the processing of personal data must be lawful and fair
  • the purpose for which personal data is collected must be specified, explicit and legitimate, and the data must not be processed in a manner that is incompatible with the purpose for which it was collected
  • personal data processed must be adequate, relevant and not excessive
  • personal data processed must be accurate and, where necessary, kept up to date
  • personal data processed must be kept for no longer than is necessary for the purpose for which it is being processed
  • personal data must be processed in a manner that ensures appropriate security of the personal data, using appropriate technical or organisational measures 

In order to comply with the Act and the GDPR, you must ensure that you provide customers with certain information. This could be contained in a 'privacy notice'. See privacy notices under the GDPR. This privacy notice information should be provided to your customers at the point in time when they provide you with their personal information. It makes sense to do this when they place an online order or create an account.

The Consumer Contracts Regulations require you to give your customers specified information before they place an order. You are also required to send the buyer an order confirmation and give them a 'cooling off period' in which they can cancel their purchase if they wish.

The E-commerce Regulations are designed to ensure online contracts are legally binding. They specify what information about your business and contract you must share with online customers and set out guidelines for advertising and promotions. Read more about selling online and the law.

If your business is a limited company or limited liability partnership (LLP), under the terms of the Companies Act 2006, your website must show:

  • the full name of the company or LLP
  • the registered office address of the company or LLP
  • the registered number of the company or LLP
  • the place of registration of the company or LLP
  • if the company is being wound up
  • the VAT number (if VAT registered)
  • membership details of any trade or professional association