Website requirements by country

UK businesses operate under UK GDPR and PECR rather than EU law since Brexit. The Companies Act 2006 and Electronic Commerce Regulations 2002 require UK limited companies to display their Companies House registration number and registered address on their website. The ICO enforces data protection. Understanding your UK-specific obligations is essential, especially if you also serve EU customers who trigger GDPR.

Post-Brexit, the UK enforces separately — but cross-border cases still bite

• •The ICO processes over 10,000 personal data breach reports per year — more than any single EU DPA
• •Capita was fined £14M (provisional, 2025) by the ICO for security failings after a 2023 cyber-attack — the largest UK GDPR security action to date
• •HelloFresh (£140K, 2023) and Easylife (£130K, 2022) show the ICO targeting SME-scale marketing and profiling breaches under UK GDPR + PECR
• •Selling into the EU still exposes UK businesses to local DPAs: Belgium's GBA ruled IAB Europe's TCF consent framework unlawful (2022), affecting any UK site using IAB-style consent
• •UK businesses with EU customers may need an EU Article 27 representative — and EU businesses with UK customers need a UK representative under UK GDPR Article 27

Requirements by country