Media coverage of the recent high-profile data breaches has meant that many business owners are acutely aware of the Data Protection Act and those in the know are also making sure their business is ready for the General Data Protection Regulation (GDPR) – a seismic change in data protection law that will come into full force and effect in May 2018.

A summary of the changes GDPR brings in (and some top tips) can be found here.

The time and cost of preparing for GDPR depends on many factors, including whether your business currently complies with the outgoing legislation and how much personal/sensitive data your business processes and/or controls.

All businesses will need to comply with the GDPR by May 2018. However, review of the GDPR in isolation is only part of the picture for consumer-facing businesses. While the obvious reason to ensure compliance is to avoid the punitive fines and negative press, the increasing savviness of consumers means a business that doesn’t have the right procedures in place stands out as a risk – and in an online world it is easy enough to simply go somewhere else. So compliance is more than a legal point – it is a crucial commercial advantage.

In 2014 the Commercial Contract Regulations were introduced – and the Consumer Rights Act 2015 enshrined further changes to how businesses have to deal with consumers, both in person and, for the first time, online.

The changes are numerous, but, most importantly, impose further duties on businesses which sell products or services through their website. Some of the key changes are summarised below.

Additional Charges

  • Express consent must be provided by the customer for any additional payments.
  • You must provide a non-premium rate telephone line for customers to contact you.

Pre-purchase Information

  • If you do not provide the correct information to the customer prior to purchase, the cancellation period can be extended by up to 12 months (in addition to the statutory 14 days), giving a total of 54 weeks.
  • There must be a clear “obligation to pay” button or notice.
  • Clear information must be given by email before payment is taken.

Digital Content

  • The Regulations have now introduced the concept of digital content into UK law, i.e. downloadable goods such as music and books will be covered by the new regulations.

Cancellation

  • The statutory “cooling off” period has been extended to 14 calendar days from the previous 7 days.
  • There is now a requirement to provide the customer with a model cancellation form if they have a right to cancel.

Delivery

  • If the returned goods have diminished in value you can deduct an amount from the refund.
  • Goods must be delivered without delay, i.e. within 30 days, unless the customer explicitly agrees otherwise.

As a result of the legislation, one of the biggest changes is that orders will require a form of acknowledgement before an order is placed – e.g. an initial e-mail is sent to the customer after they have placed an order to confirm that the order has been received and provide a “durable” copy of the e-commerce terms, and then a subsequent e-mail is sent to confirm the order has been made, money has been transferred and the product/service will be provided in adherence to the previously provided e-commerce terms.

If your business is consumer-facing and doesn’t comply with the above or the GDPR, now would be the time to kill two birds with one stone and revise your consumer-facing documentation to ensure complete compliance. And if you’re not sure whether your business is currently compliant, consider taking our IP MOT service – the entry level is without charge or obligation.