Website Guides

30+ practical guides on GDPR, accessibility, security and EU e-commerce law — written for small businesses.

GDPR & Privacy

Complete GDPR Website Audit: Step-by-Step Checklist

A step-by-step GDPR audit checklist for your website. Check cookies, tracking, privacy policy, forms, third-party services, and security in one pass.

10 min read · Updated Apr 2026

Cookie banner dark patterns in the UK: ICO enforcement in 2026

The 12 cookie banner dark patterns per EDPB taxonomy. ICO top-100 letter campaign, PECR enforcement and what the scanner detects after clicking reject all.

7 min read · Updated Apr 2026

Cookie consent in the UK: ICO rules your website must follow

Cookie consent rules for UK websites. PECR Regulation 6 requirements, ICO guidance, what 'strictly necessary' means, and how to test your banner.

8 min read · Updated May 2026

Do I Need a Cookie Banner on My UK Website?

Do UK websites need a cookie banner? Yes, if you use any tracking — Google Analytics, Facebook Pixel, or similar. Here's what PECR and the ICO require, and what to do.

7 min read · Updated May 2026

GDPR Compliance Checklist for Your Website (2026)

A practical GDPR checklist for small business websites. Check cookies, privacy policy, consent forms, and tracking scripts.

12 min read · Updated Apr 2026

GDPR compliance for UK businesses: website checklist 2026

What UK SMEs must do to comply with UK GDPR and PECR on their websites. Privacy notice, cookie consent, Companies House details, ICO enforcement cases, and a free check.

6 min read · Updated May 2026

GDPR Compliance for UK Restaurant Websites: Data, Bookings, and Consent

Essential GDPR and PECR requirements for restaurant websites collecting booking data, email signups, cookies, and payment information. UK-specific guidance with examples.

6 min read · Updated Apr 2026

Google Fonts and GDPR: Why Your Website Might Be Leaking Data

Loading Google Fonts from Google's servers sends visitor IP addresses to the US. A German court fined a website owner for this. Here's how to fix it.

7 min read · Updated Apr 2026

How to Check If a Website Is Trustworthy: 10 Essential Signals in 2026

Practical checks for consumers and businesses to verify a website's legitimacy: HTTPS, privacy policy, business registration, contact details, certificate validation, and more.

5 min read · Updated Apr 2026

How to Create a Privacy Policy (Free Generator + Guide)

Create a GDPR-compliant privacy policy for your website. Use our free generator or follow this guide to write one yourself.

9 min read · Updated Apr 2026

ICO Investigation Process: What to Expect When the ICO Contacts Your Business

What happens when the ICO investigates your business. Information notices, 30-day response deadlines, formal investigations, fine decisions and appeal routes explained.

8 min read · Updated May 2026

UK GDPR Fines Under the ICO: What Penalties Look Like in 2026

ICO fine bands under UK GDPR: up to £17.5M or 4% of global turnover. Marriott, BA and TikTok cases explained. What SMBs realistically face.

7 min read · Updated May 2026

UK GDPR vs EU GDPR after Brexit: what actually changed for British businesses

UK GDPR vs EU GDPR for British SMEs in 2026. The Data (Use and Access) Act 2025, PECR cookie rules, ICO enforcement, the UK-US Data Bridge, and when you still need an EU representative.

13 min read · Updated May 2026

UK GDPR vs EU GDPR: What Actually Differs Post-Brexit and After the DUAA 2025

Side-by-side comparison of UK GDPR and EU GDPR in 2026. When each applies, what the DUAA 2025 changed, adequacy status, and dual compliance for UK businesses selling into the EU.

8 min read · Updated May 2026

UK website privacy notice requirements after DUAA (2026)

The 14 mandatory elements of a UK GDPR privacy notice. DUAA 2025 changes, new complaint mechanism, recognised legitimate interests and ICO checklist for SMEs.

6 min read · Updated Apr 2026

Cookie-Script Alone May Not Be Enough: What a Scan Reveals Beyond the Banner

Cookie-Script is an excellent CMP for consent and cookie management. But it handles only PECR compliance. A website audit catches what it misses: data leaks, image copyright, accessibility, SSL issues.

5 min read · Updated Apr 2026

GDPR Fines for Small Businesses: Real Cases and Amounts

Real GDPR fines for small businesses: actual cases from 1,000 to 50,000 EUR. What triggers enforcement and how to avoid it.

7 min read · Updated Apr 2026

GDPR for dental practices in the UK

UK GDPR and data protection for dental practices. Patient data as special category, GDC registration, NHS Digital obligations, record retention, online booking, and breach notification.

4 min read · Updated May 2026

GDPR for solicitors in the UK: SRA, Law Society, and ICO requirements

UK GDPR for solicitors. SRA Standards and Regulations, Law Society guidance, legal professional privilege and GDPR overlap, MLR 2017 retention, and website compliance.

5 min read · Updated May 2026

Google Maps on Your Website: The GDPR Problem

Embedding Google Maps sends visitor IP addresses and browsing data to Google without consent. Here are GDPR-compliant alternatives.

5 min read · Updated Apr 2026

Third-Party Tracking on Your Website: Find Hidden Cookies and Obtain Consent

Identify third-party trackers embedded in your website (Google Analytics, Facebook Pixel, YouTube, Maps). UK PECR Regulation 6 and GDPR Article 6 consent requirements.

6 min read · Updated Apr 2026

Accessibility

Accessibility Statement Template for UK Businesses (2026)

Accessibility statement template for UK private sector businesses. What to include, why it matters for Equality Act 2010 reasonable adjustments, and a full sample text ready to adapt.

7 min read · Updated May 2026

Does the European Accessibility Act Apply to Your Business?

The EAA became enforceable in June 2025. Find out if it applies to your business, what it requires and what happens if you don't comply.

9 min read · Updated Apr 2026

EAA Penalties: What Happens If Your Website Isn't Accessible

The European Accessibility Act is enforceable. Here are the penalties for non-compliance and what enforcement looks like in practice.

8 min read · Updated Apr 2026

EHRC Investigations of Websites: When and How They Trigger

How the EHRC investigates website accessibility under the Equality Act 2006. Section 21 unlawful-act notices, what triggers formal EHRC action, and how organisations should respond.

7 min read · Updated May 2026

Equality Act Damages: How Vento Bands Set the Range for UK Accessibility Claims

How Equality Act 2010 damages work for UK website accessibility claims. Vento bands for injury to feelings, actual financial losses, and why most cases settle. No regulatory fines — this is civil damages.

7 min read · Updated May 2026

WCAG 2.2 AA in UK Law: How the Standard Plays Into Equality Act Cases

WCAG 2.2 AA is not directly law for private UK businesses but is the benchmark courts and the EHRC use in Equality Act cases. How WCAG 2.2 differs from 2.1, what PSBAR 2018 mandates, and what failing specific WCAG criteria means in legal terms.

7 min read · Updated May 2026

Website accessibility and the Equality Act 2010

The EAA does not apply in the UK. Website accessibility is governed by the Equality Act 2010 anticipatory duty. WCAG 2.1 AA as de facto benchmark, EHRC enforcement and public sector PSBAR 2018.

6 min read · Updated Apr 2026

Website Accessibility Under the Equality Act 2010: What UK Businesses Owe

How the Equality Act 2010 applies to UK business websites. Section 20 reasonable adjustments, section 29 services duty, WCAG 2.2 AA as evidence of reasonableness, and how claims work.

7 min read · Updated May 2026

5 quick accessibility wins for your UK small business website

Five concrete fixes that take hours, not weeks, to implement and align your site with WCAG 2.1 and the Equality Act 2010.

5 min read · Updated Apr 2026

Accessibility Statement: What It Is and How to Write One

An accessibility statement shows your commitment to an accessible website. Here's what to include and a template you can use.

7 min read · Updated Apr 2026

Restaurant Website Accessibility: Menu, Booking & Ordering

Your restaurant website menu, booking form and ordering system need to be accessible. Here's what to fix and how to do it.

9 min read · Updated Apr 2026

Website Accessibility Overlays vs. Real Compliance

Accessibility overlays promise a one-click fix but don't deliver. Learn why they fail and what actually works.

8 min read · Updated Apr 2026

Hotel Website Accessibility: Making Booking Work for Everyone

Hotel booking systems need to work for everyone. Here's how to make your hotel website accessible and meet EAA requirements.

8 min read · Updated Apr 2026

Security

My Website Says 'Not Secure'. Here's How to Fix It

Your browser shows 'Not Secure' for your website? Here's what it means and how to fix it step by step.

6 min read · Updated Apr 2026

Website Security Checklist: 10 Things to Check Today

A practical security checklist for small business websites. 10 things you can check and fix today without technical expertise.

7 min read · Updated Apr 2026

GDPR Requires a Secure Website: What You Need to Know

GDPR Article 32 requires you to protect personal data with appropriate security. Here's what that means for your website.

7 min read · Updated Apr 2026

Outdated WordPress Plugins Are a Security Risk

Outdated WordPress plugins are the top attack vector for small business sites. Learn how to check, update and review your plugins.

6 min read · Updated Apr 2026

Website Hacked? Here's What to Do Right Now

Your website has been hacked or shows signs of malware. Here are the steps to take right now to contain the damage and get back online.

10 min read · Updated Apr 2026

What Does a Website Security Scan Check?

What a website security scan actually checks: SSL, headers, vulnerable libraries, outdated CMS, and more. Learn what the results mean and how to fix issues.

11 min read · Updated Apr 2026

What Happens When Your Domain Expires: UK and Generic TLD Timelines

Domain expiry follows different rules in the UK and generic TLDs. Know the exact timelines, suspension periods, redemption costs, and what you can do to prevent it.

7 min read · Updated Apr 2026

SSL Certificate: What It Is, Why You Need It

An SSL certificate encrypts data between your website and visitors. Here's what it does, why you need one and how to get one for free.

6 min read · Updated Apr 2026

E-Commerce

Companies House Website Disclosures: What UK Law Requires on Your Site

What UK law requires companies to display on their website. Companies Act 2006 s.82, Companies (Trading Disclosures) Regulations 2008, E-Commerce Regulations 2002, VAT number rules and sole trader requirements.

7 min read · Updated May 2026

Consumer Rights Act 2015: What UK Websites Must Disclose

Mandatory disclosures for UK e-commerce websites under the Consumer Rights Act 2015 and Consumer Contracts Regulations 2013. Pre-contract information, returns rights, and what Trading Standards enforces.

7 min read · Updated May 2026

DMCCA 2024: How the CMA Enforces Dark Patterns on UK Websites

How the CMA enforces dark patterns under the Digital Markets, Competition and Consumers Act 2024. Drip pricing, fake reviews, subscription traps, and the CMA's new direct-fining powers.

7 min read · Updated May 2026

DMCCA Fines: What 10% of Global Turnover Actually Means for UK Businesses

DMCCA 2024 penalty structure for UK businesses. Up to 10% global turnover, £300,000 for individuals, daily continuing-breach penalties, and how the CMA calculates fines in practice.

7 min read · Updated May 2026

Online cancellation for UK consumers in 2026: DMCCA 2024 and the CCRs 2013

UK cancellation rights for online contracts in 2026. CCRs 2013 14-day cooling-off, DMCCA 2024 subscription regime and CMA enforcement powers up to 10% turnover.

5 min read · Updated Apr 2026

Received a Getty Images UK Letter? Here's What It Means

How Getty Images UK enforcement letters work, how they differ from PicRights, what the realistic settlement range is under CDPA 1988, and what happens if Getty files in IPEC.

8 min read · Updated May 2026

Received a PicRights Letter in the UK? What to Check Before Paying

How PicRights operates in the UK, what to verify before paying a demand letter, realistic settlement ranges under CDPA 1988, and when to involve a solicitor.

7 min read · Updated May 2026

UK Copyright Act 1988: How Image Infringement Claims Actually Work

How CDPA 1988 applies to website image claims in the UK. Sections 16 and 17, damages under sections 96-97, the notional licence fee approach, IPEC vs High Court, and the 6-year limitation period.

7 min read · Updated May 2026

"Buy Now" vs "Order": Why Your Button Text Matters Legally

EU law requires specific wording on order buttons. The wrong text could make your orders non-binding. Here's what your checkout button must say.

7 min read · Updated Apr 2026

EU Checkout Page Requirements: Button Text, Pricing & Consent

EU rules for your checkout page: order button text, price display, withdrawal rights, and consent requirements. What you must show before the customer clicks Buy.

9 min read · Updated Apr 2026

Discount Pricing Rules: The 30-Day Prior Price Requirement

EU Omnibus Directive requires showing the lowest price from the past 30 days when advertising a discount. Here's how it works.

8 min read · Updated Apr 2026

EU Consumer Rights for Online Sellers: Plain-Language Guide

EU consumer protection law affects every online shop. Here are the rules you need to follow, explained without legal jargon.

7 min read · Updated Apr 2026

The 14-Day Withdrawal Right: What Every Online Seller Must Know

EU law gives online shoppers 14 days to return purchases without reason. Here's what you must tell them and how to handle it.

8 min read · Updated Apr 2026

Email Marketing

Double Opt-in: Required or Not? It Depends on the Country

Double opt-in is required in Germany, recommended in Austria, and optional elsewhere in Europe. Here's what the law says in each country and how to set it up.

7 min read · Updated Apr 2026

Newsletter Signup Forms: GDPR Requirements

Your newsletter signup form needs more than a checkbox. Here are the GDPR rules for email consent, what to store and how to avoid common mistakes.

8 min read · Updated Apr 2026

Pre-checked Signup Boxes Are Illegal: Here's Why

Pre-checked checkboxes for newsletters and marketing don't count as valid consent under GDPR. The Planet49 ruling made this clear. Here's what to fix.

9 min read · Updated Apr 2026

SPF, DKIM and DMARC: Email Security in Plain Language

SPF, DKIM and DMARC explained simply. Learn what they do, why you need them and how to set them up for your domain.

7 min read · Updated Apr 2026

Why Your Business Emails End Up in Spam (And How to Fix It)

Business emails landing in spam? You're probably missing SPF, DKIM, or DMARC records. Here's what they are and how to set them up.

7 min read · Updated Apr 2026

Email Marketing Consent: Country-by-Country Rules

Email marketing rules differ across Europe. Here are the consent requirements for the Netherlands, Germany, UK, Belgium and more.

10 min read · Updated Apr 2026

The Soft Opt-in Exception: When You Can Email Without Consent

The soft opt-in lets you email existing customers without explicit consent. But strict conditions apply. Here's how it works.

7 min read · Updated Apr 2026
