We cannot give legal advice. The following notes are intended to give you a few points of reference but note we are not responsible for the content of external websites
Links to some of the websites that affect organised sales by phone, post or over the internet and footfall sales. These links will open in a new window or tab
The protection offered to consumers by these and other regulations and codes can appear onerous but properly presented can help give an uncertain prospective customer the confidence to proceed.
Implemented 25 May 2018 this regulation affects just about every business and organisation, however large or small, handling any information relating to an identifiable person.
The Data Protection Act 2018 (which replaced the Data Protection Act 1998) tailors how the GDPR operates in the UK.
Visit the Information Commissioners Office website for more details including scope, requirements and registration.
Payment card industry standards
Check the latest PCI Standards and resources at PCI Security Standards Council
Strong Customer Authentication (SCA)
The Payment Services Regulations 2017
Payment Services Directive (PSD2) introduced Strong Customer Authentication (SCA) applicable to card-based ecommerce transactions in the European Economic Area (EEA).
A guide (pdf) to SCA is on the ukfinance.org.uk website
The Financial Conduct Authority has extended the deadline for applying strong customer authentication (SCA) to ecommerce to 14 September 2021 in the UK but be aware major providers will be implementing some changes well before then.