Checklists

Website launch legal checklist — what you need before you go live

5 min read ·26 April 2026 ·By Trust Center

Launching a website without the right legal foundations in place is a risk that's easy to avoid. Use this checklist before you go live.

Privacy policy

  • Privacy policy written and published on the website
  • Accessible from every page (footer link is standard)
  • Covers all data collection activities: forms, analytics, cookies, email sign-ups
  • Names all third-party services that receive personal data
  • Explains user rights and how to exercise them
  • Includes business contact details
  • Cookie audit completed — list all cookies your site sets and categorise them (essential vs non-essential)
  • Cookie banner in place if non-essential cookies are used
  • Cookie banner blocks non-essential cookies until consent is given
  • Cookie policy published (standalone or within privacy policy)
  • Users can change their cookie preferences after initial choice

Terms and conditions

  • Terms of use published if users will interact with the site in any meaningful way
  • Terms of sale published if any products or services are sold
  • Returns and refund policy published (required for EU/UK eCommerce)

Contact information

  • Business name and legal entity displayed
  • Registered address displayed (required in EU/UK)
  • Contact email or phone number accessible from the site
  • Company registration number (required in UK, EU for limited companies)
  • VAT number if VAT registered

Security basics

  • HTTPS enabled on all pages (SSL certificate active)
  • All forms submitted over HTTPS
  • Contact form includes spam protection

Data Subject Access Request capability

  • DSAR contact route published (email address or form)
  • Process in place to respond within 30 days

If you're running paid advertising

  • Advertising disclosures in place if required (influencer rules, FTC compliance)
  • Remarketing pixels only set after cookie consent (EU/UK)
  • Landing pages comply with platform requirements (Google, Meta policy compliance)

Accessibility

  • Site tested for basic accessibility: keyboard navigation, alt text on images, sufficient colour contrast
  • Accessibility statement published (required for EU public sector and UK regulated sectors; best practice for all)

Post-launch

  • Privacy policy update process in place — review whenever you add new tools or services
  • Cookie audit scheduled — re-run whenever new scripts are added to the site
  • Annual compliance review calendared

Ready to simplify your compliance?

Trust Center manages your privacy policies, cookie consent, and DSARs — one platform, all your brands, always up to date.

Get early access →

Related articles

Checklists

UK data protection compliance checklist for small businesses

A practical checklist for UK businesses to meet ICO requirements under UK GDPR and the Data Protection Act 2018.

5 min read · 26 April 2026
Checklists

GDPR compliance checklist for small businesses

A practical GDPR compliance checklist for small and medium businesses — covering data mapping, privacy notices, consent, security, and ongoing obligations.

6 min read · 26 April 2026