We cannot give legal advice. The following notes are intended to give you a few points of reference but note we are not responsible for the content of external websites

Consumers' Rights and Sellers' Obligations

Links to some of the websites that affect organised sales by phone, post or over the internet and footfall sales. These links will open in a new window or tab

The protection offered to consumers by these and other regulations and codes can appear onerous but properly presented can help give an uncertain prospective customer the confidence to proceed.

General Data Protection Regulation (GDPR)

Implemented 25 May 2018 this regulation affects just about every business and organisation, however large or small, handling any information relating to an identifiable person.

The Data Protection Act 2018 (which replaced the Data Protection Act 1998) tailors how the GDPR operates in the UK.

Visit the Information Commissioners Office website for more details including scope, requirements and registration.

Card payments online

Payment card industry standards

Check the latest PCI Standards and resources at PCI Security Standards Council

Strong Customer Authentication (SCA)
The Payment Services Regulations 2017

Payment Services Directive (PSD2) introduced Strong Customer Authentication (SCA) applicable to card-based ecommerce transactions in the European Economic Area (EEA).
A guide (pdf) to SCA is on the website

The Financial Conduct Authority has extended the deadline for applying strong customer authentication (SCA) to ecommerce to 14 September 2021 in the UK but be aware major providers will be implementing some changes well before then.