Business Law

Guide to Legal Compliance for Websites

We’ve put together a list of the most important legal compliance issues to pay attention to for your website.

Putting up a few disclaimers or adding a privacy policy to your website represents only a small part of the legal compliance necessary when operating a website. 

You must adhere to other legal requirements if you expect to run your website in a fully compliant manner. 

We’ve put together a list of the most important legal compliance issues to pay attention to. 

Cookie Consent Notices

Your website needs a Cookie Policy. You can place it in your footer, header, or within a pop-up window. Your policy needs to provide the following information to website visitors:

  • Disclose your site’s use of cookies
  • Explain the reason for using cookies
  • Disclose what visitors accept or agree to
  • Reveal how you use information gathered from cookies by linking to your privacy policy
  • Provide visitors the ability to customize their cookies/advertising preferences, or opt-out of cookies

You can use a checkbox for visitors to tick off when accepting cookies. You can’t pre-tick the box, however, because that violates GDPR. 


Any website in the European Union, or one that gets visitors from the EU, must follow GDPR guidelines. These guidelines revolve around the collection and storage of personal data. You must protect personal data from misuse, let visitors know if you encounter a data breach, and respect user privacy. 

GDPR requires websites to:

  • Allow visitors to give or withdraw consent to having their data collected and/or used
  • Let visitors know of data breaches within 72 hours
  • Collect only “necessary” data
  • Allow visitors to access any info that gets collected and stored
  • Limit employee access to visitor data

Follow the full GDPR guidelines found here

Privacy Policies

A privacy policy discloses that your website collects data and states exactly what type of data you collect. The privacy policy should reveal whether you keep data confidential or not. If you share it or sell it to third-party companies, then you must reveal that fact. 

Place a link to your privacy policy in your footer or inside your “About” menu structure. You can also place it on account registration or checkout pages. 


CalOPPA stands for the California Online Privacy Protection Act. This act was put in place to protect “personally identifiable information” and the privacy of California residents. All websites based in CA or attracting traffic from California residents must adhere to CalOPPA.

The first step in complying is including a privacy policy on your website. Next, you must protect visitor data such as:

  • Email address
  • Name
  • Physical address
  • Social Security number
  • Phone number
  • Birthday
  • Physical appearance information, such as hair color, height, and weight

Your website’s privacy policy needs to include the following:

  • Explain what information you collect and store
  • Reveal how visitors can change their info
  • Disclose any third parties with access to visitor data
  • The date you last updated the policy
  • The method you use to notify visitors of privacy policy updates

Another CalOPPA requirement includes telling visitors how they can submit a Do Not Track request.

The Can-Spam Act

Adhere to the Can-Spam Act if you perform email marketing. The FTC monitors this act and you need to follow their compliance rules when gathering email addresses from website visitors. Make sure you get permission from leads before sending out emails to them.

Content Attribution

If you use any graphics or images that you haven’t created, then you must include attribution so that the original creators get their credit. This applies to buying images from image websites. Each image you purchase comes with specific usage rights. Follow the content attribution for each purchased graphic. 

The Americans with Disabilities Act (ADA)

The ADA prohibits anyone from discriminating against people with disabilities. Ensure that anyone with disabilities can access your website, including people with visual or hearing impairments. This requirement applies to businesses open more than 20 weeks per year and employing 15 or more workers.

E-commerce HTTPS

Use HTTPS (Hyper-Text Transfer Protocol Secure) with e-commerce sites. The protocol encrypts information sent from a visitor’s browser to your website. You can expose sensitive financial data if you aren’t using HTTPS.


It isn’t difficult to keep your website operating under the proper legal compliance. Educate yourself on what’s required, put each step in place, and run your business without worry. 


How Big Fashion Brands Commonly Steal Designs and Get Away With It

Back to Business Law

Sony Facing Class Action Over Playstation's Digital Store