As 2018 starts to rev up, it’s time to start making plans for the year ahead: setting goals, filing paperwork, and making sure everything is in order. In the world of ecommerce, this can also be a great time to check where things stand in your industry, and bring yourself up to speed with any planned changes to legislation.
With any business, there is a range of legal considerations to keep in mind at all times, and no less so for online stores. So whether you plan to launch a new ecommerce store in 2018, or continue an existing business, here are a few pointers on making sure your business is legally compliant.
1. File Your Taxes
In the US, the tax year runs from January 1st to December 31st, and you will need to have submitted your federal tax return by April 15th. If this is your first return, you can adopt a different fiscal year, but to change your tax year, you will need to apply to the IRS for their approval.
Remember that state deadlines may be different from federal requirements, so it’s important to check that you are compliant at both levels. In the meantime, keep track of all paperwork concerning your income and expenses, as you may be required to submit proof of these figures.
2. Are You PCI Compliant?
As you might expect, taking online payments comes with its own set of standards and compliance checks. As online businesses generally handle a large volume of sensitive consumer data, they are regularly targeted by data thieves and hackers. As such, you have a legal obligation to your customers to be compliant with PCI standards.
The provision of a secure and encrypted checkout service is only the first step. You will also need to ensure that any purchasing information is correctly handled, processed, and destroyed in line with data protection regulations.
For example, if you take orders over the phone, it is essential that you have processes in place to ensure that details such as a customer’s card number are not written down on paper. Similarly, if you record any calls for quality control, you must ensure that no sensitive information is stored in these audio clips.
Top tip: using a secure ecommerce hosting solution can be a way around this. Shopify, for example, is both SSL and PCI compliant – there are no extra steps you have to take as a store owner to put this security in place.
3. Check Industry Regulations
Depending on what you’re selling, there may be restrictions in certain countries, or even in some states, to which you must adhere. If there are regions your store serves in which some of your products or services are restricted, state this clearly so customers understand that it’s a point of law, and you cannot ship to them.
You may also find that some of your content or products are age-restricted. To handle this, you may need to request that site visitors provide their date of birth, or confirm that they are of legal age to view your content in their country of residence.
In some cases, shipping certain items internationally may require you to fill in a customs declaration to prevent the package from being detained, or from incurring additional charges for your customers. While this is not always required by law, it is often good practice, as it results in a better experience overall for your customers.
It is also important to review the shipping restrictions for anything you plan to send, as some companies have individual policies that may affect your business. If your chosen shipper restricts some of your stock, don’t lose hope; there is likely still a company that will transport your goods. You may just have to search around a bit.
4. Set Out Your Company Policies
Having clear terms and conditions not only makes things easier on your customers, but also protects you in the event of a dispute. Take the time to review your delivery and refund policies, and make sure that they are easily located on your website.
Being able to find these key details about your services can be the difference between making a sale and losing a customer, as many buyers prefer the reassurance of being able to review policies before making their purchase.
You should define a set window for returns, and make it clear in your policies whether the customer will need to return packaging, cover shipping costs, or use mail tracking. The clearer and more detailed your policies are, the better they will protect you.
5. Protect Your Intellectual Property
Your brand, logo, and of course your products, all have value. As such, you may want to invest in trademarks for your intellectual property. This protects your business assets and IP from theft, and helps to avoid potentially costly disputes if someone else starts using or mimicking your intellectual property.
If you decide to register a trademark, there is detailed guidance on the USPTO website. However, it is also sensible to consult with your attorney, so you can be certain that you are making the correct choice and that you have completed your application correctly.
Intellectual property is a complex matter, and you will not always need a trademark. Depending on your state and the circumstances of a dispute, simply having a long-standing brand can go some way towards protecting your IP. However, correctly registering with the Patent and Trademark Office adds an extra level of protection, so you can focus on building your business, happy in the knowledge that your ideas are protected.
As an added layer of protection, many business attorneys will also advise you to consider setting up an LLC. This separates your business from you as an individual, which means that if something goes wrong and a case is brought, it will be against your business and not you personally.
6. Comply With Data Protection Regulations
Going hand in hand with PCI compliance, ensuring that you are up to speed with data protection legislation is essential if you want to be certain that your business practices are all above board. A few of the topics you need to be aware of include the following:
- Gathering consent, and the responsibilities of the data controller.
- Transfer of data internationally.
- Third-party data processing.
- Cyber security and network hygiene.
- Individual rights to access and removal of personal data.
As part of this, you should also be aware of the individual data protection and processing policies of any applications or platforms you use for your business, including any ecommerce CMS or website builder you may have used for your website.
For example, you may interact with customers over social media, or require them to register via your business application. In each case, it is important to consider not only how you store that data once it reaches you, but also how the applications used for its transfer might treat that data. Where possible, remind your customers to be aware of the same factors, and discourage them from sharing personal details on public platforms.
Keep in mind that the precise legal requirements for your ecommerce business will vary depending on where you are in the world, and to whom you are selling your products or services. In the US, certain regulations vary from state to state, and also may differ from federal regulations.
If in doubt, it is always better to read up on the relevant areas of law, or seek professional counsel. After all, no one wants their hard work and entrepreneurial success to go to waste because they got hung up on a legal technicality that could have been easily avoided.