Practical guides on Privacy Policies, cookie consent, Terms & Conditions and UK GDPR — written for business owners, not lawyers.
Under UK GDPR, almost every website that collects personal data must have a Privacy Policy. Here is what it needs to say, and what happens if you skip it.
In the UK, cookies are governed by PECR — the Privacy and Electronic Communications Regulations — not GDPR. The rules are stricter than most people think, and a lot of websites still get this wrong.
The Consumer Rights Act 2015 changed the rules around unfair contract terms. If your Terms & Conditions were written before 2015 — or copied from a US template — there is a good chance they do not hold up.
The ICO issued over £7 million in fines in 2024. Most cases did not involve tech giants — they involved mid-sized companies that made avoidable mistakes. Here is a breakdown.
Public sector websites in the UK are legally required to have an Accessibility Statement. Private businesses are not — but the Equality Act 2010 still applies to them. Here is what that means in practice.
Since January 2021, the UK has operated under its own version of GDPR. For most businesses the differences are minor — but there are a few areas where the UK rules diverge in ways that matter.
UK GDPR Article 13 sets out exactly what information a Privacy Policy must contain when you collect data directly from users. Here is the complete list, explained in plain English.
A lot of businesses treat Terms & Conditions as a legal formality — something to publish and forget. In practice, well-written terms have saved companies thousands of pounds. Poorly written ones have cost just as much.
Many sole traders assume that because they are small, the rules do not really apply to them. The ICO and courts disagree. Here is what you need as a sole trader running a website.
Running an online shop in the UK means complying with at least four separate pieces of legislation. Here is what each one requires, and which documents on your website need to reflect them.