TrustYourWebsite

Website Rules in the United Kingdom

UK websites operate under the UK GDPR and PECR. The ICO enforces privacy rules with fines up to £17.5 million. Companies House registration must be displayed.

Data protection authority: Information Commissioner's Office (ICO)

Requirements: 4 country-specific rules

Guides: 3 guides available

Specific requirements for the United Kingdom

Companies House number

UK limited companies must display their company registration number, registered office address, and place of registration on their website.

UK GDPR

The UK retained GDPR after Brexit as UK GDPR. Requirements are mostly the same as EU GDPR, but the supervisory authority is the ICO, not an EU DPA.

PECR (cookies and email)

The Privacy and Electronic Communications Regulations govern cookies and electronic marketing. Fines can reach £500,000 (separate from UK GDPR fines).

Accessibility

Public sector websites must meet WCAG 2.1 AA. The EAA does not apply in the UK post-Brexit, but the Equality Act 2010 requires reasonable adjustments for disabled users.

Enforcement in the United Kingdom

The ICO fined British Airways £20 million for a 2018 data breach affecting 400,000 customers. For smaller organisations, the ICO has issued enforcement notices to businesses failing to respond to subject access requests within the 30-day deadline, with penalties starting at £500 for repeat offenders.


Check your website for United Kingdom requirements

Our scanner checks for United Kingdom-specific requirements automatically.