Skip to main content
We’re here with practical legal information for your business. Learn about employment law, company law and more.


Setting up a business involves complying with a range of legal requirements. Find out which ones apply to you and your new enterprise.

What particular regulations do specific types of business (such as a hotel, or a printer, or a taxi firm) need to follow? We explain some of the key legal issues to consider for 200 types of business.

While poor governance can bring serious legal consequences, the law can also protect business owners and managers and help to prevent conflict.

Whether you want to raise finance, join forces with someone else, buy or sell a business, it pays to be aware of the legal implications.

From pay, hours and time off to discipline, grievance and hiring and firing employees, find out about your legal responsibilities as an employer.

Marketing matters. Marketing drives sales for businesses of all sizes by ensuring that customers think of their brand when they want to buy.

Commercial disputes can prove time-consuming, stressful and expensive, but having robust legal agreements can help to prevent them from occurring.

Whether your business owns or rents premises, your legal liabilities can be substantial. Commercial property law is complex, but you can avoid common pitfalls.

With information and sound advice, living up to your legal responsibilities to safeguard your employees, customers and visitors need not be difficult or costly.

As information technology continues to evolve, legislation must also change. It affects everything from data protection and online selling to internet policies for employees.

Intellectual property (IP) isn't solely relevant to larger businesses or those involved in developing innovative new products: all products have IP.

Knowing how and when you plan to sell or relinquish control of your business can help you to make better decisions and achieve the best possible outcome.

From bereavement, wills, inheritance, separation and divorce to selling a house, personal injury and traffic offences, learn more about your personal legal rights.

Keep your web cookies legal

It is illegal to use web cookies on your website without first seeking permission from users, and with the General Data Protection Regulation (GDPR) in effect since May 2018, the rules have tightened up again. What does this mean for your website?

To comply with web cookie laws, businesses are required to remove web cookies from their websites completely or to install a method of requesting user consent - such as pop-up windows on a home page.

You must also explain to people how you use web cookies and what data they collect.

What are web cookies?

So what are cookies and how do they work? "Cookies act as a record of where you have been online, such as which sites and pages you have visited," says Stuart Mackintosh, managing director of IT consultancy OpusVL.

"By installing a piece of code on to a site user's computer, they enable websites to remember consumers and their online preferences, such as login details, surfing history and buying habits. Generally, they are beneficial - without them, online shopping would be much harder," he points out.

The web cookies law

According to the Information Commissioner's Office (ICO), the body responsible for regulating the law, most UK business sites use web cookies in some form or another.

Mackintosh advises website owners to carry out an audit to assess what web cookies are used, what purpose they serve and how intrusive they are.

"Crucially, the law states that consent must only be sought if personal data is being stored about a consumer," he explains.

"If cookies are used purely to manage the transaction process, by remembering what is in the consumer's basket, for instance, they are deemed 'strictly necessary' and consent is not required."

The new, wider definition of personal data introduced by the GDPR, however, means that cookies that might not have been caught previously may now be classed as storing personal data. IP addresses and other online identifiers now qualify as personal data. Personal data that has been pseudonymised may also qualify depending upon how easy it is to identify an individual from that data (whether on its own or in combination with other data).

The Information Commissioner has produced helpful guidance on web cookies which will help you decide whether your cookies qualify as strictly necessary and whether consent is required.

Third-party web cookies

However, the situation is more complex if your website uses third-party web cookies.

"If you use or allow cookies to track visitors from any external sites, or use third-party advertisements, both of which are likely to store personal information about visitors for marketing purposes, you will need to provide visitors with a clear method of opting out," Mackintosh stresses.

Consent and opting out from web cookies

Since more cookies will now contain personal data, the GDPR’s consent requirements come into play. Implied consent is therefore unlikely to be sufficient, ruling out pop-ups with simple messages like “by using our site, you accept our cookies”. Advice simply to adjust browser settings will also not be enough.

Offering users the opportunity to opt out of cookies that are not strictly necessary before those cookies are set is likely to be the best option in many cases. Control should also be “granular”, meaning that if there are different categories of cookie on your site, users should be able to pick which to accept and which to opt out of.

This can be achieved in several ways, the most obvious being a pop-up window. "But pop-ups are intrusive and web users typically don't like them," Mackintosh points out.

An alternative is to set up a permanent element on a home page. "For instance, you could build a box on the right-hand side that slides up and down, displaying the site's cookie status."

For websites that sell products or those that require users to register first, the most straightforward way to secure consent for web cookies is to direct customers to a terms-and-conditions page; however, it should be kept in mind that cookie and privacy information should be prominently displayed, and caution should be taken to avoid burying it in a lengthy set of terms and conditions that customers may not read in full.

To comply with best practice, you should also set out a privacy policy on your site that explains what web cookies are and how your business uses them. "It's worth making sure that users can link directly to this from anywhere on your site," advises Mackintosh.

It is also important to keep access to web cookie information and controls close to hand as individuals have the right to withdraw their consent at any time under the GDPR. People must be able to change their minds easily.

Whichever route you choose, the use of web cookies needs to be clearly displayed on your website. "Don't make things obscure because this could lead to complaints, or worse, you could be prosecuted," Mackintosh concludes.

Stay up-to-date with business advice and news

Sign up to this lively and colourful newsletter for new and more established small businesses.