Make WooCommerce Legally Secure: Requirements for Europe

Michael Firnkes Last updated 20.10.2020

WooCommerce is geared towards the US market. There are numerous legal requirements in the European Union, especially in Germany and Austria. You must take them into account during planning and operation - otherwise you could face warnings. We show you the most important requirements and WordPress plugins for your online shop.

It's not easy operating a web shop, regardless of whether you're using WordPress or any other system. One wrong setting and you face the quite realistic danger of a warning from competitors, competition associations, or authorities. This applies especially in either of the two following scenarios:

  1. The registered office for your online shop is in the EU
  2. You sell from your shop to EU countries

In both cases, you cannot run WooCommerce in the standard way. You will have to make the necessary changes yourself, or use appropriate tools to do so. Below you will find some hints on what is required. We also introduce you to plugins that will save you a lot of work.

Attention!

What specific legal requirements you need to adhere to depends on numerous factors. For example, on the location of your company headquarters, your industry, or your customer structure (delivery locations, B2C vs. B2B shops). The following information is therefore of a general nature and should be understood as such. You should always seek advice from a law firm specialized in online law before going live with your shop. 

Legal texts for WordPress and WooCommerce

Your legal texts are the pivotal elements for making your shop as legally secure as possible. These include, for example, the legal notice or the general terms and conditions, the privacy policy, and, in some countries, required information for revocation/return and shipping. You need these legal texts on suitable subpages of your online shop, sometimes also as information in the emails you send to your customers. These texts must be easily accessible and confirm or link to important points in the ordering process.

What exactly needs to be mentioned in the individual legal texts? Again, this depends on various legal requirements. Here is just a small selection:

  • What is your legal form, which goods do you sell, do you ship them or are they purely virtual (e.g. music, downloads)?
  • Which customer data is stored and processed by you and how (IP addresses, master data, use of cookies and other tracking solutions)?
  • Which external services do you use to process payments or ship your products?
  • Which service providers do you use for accounting, calculating and processing taxes, managing your customers (CRM), or inventory management?
  • Do you rely on cloud services to store customer data and in which country is this data stored?
  • Which tools do you use to analyze user behavior? (e.g. Google Analytics, Piwik/Matomo, etc.)
  • Do you send newsletters and other emails to your customers?
  • Do you use social networks such as Facebook, Twitter, Instagram etc. for your online shop and how exactly are these technically integrated?

For most countries and languages, there are now free or inexpensive online services to create suitable templates. See, for example, the data protection generator by Thomas Schwenke for Germany, or the article on creating GTCs from the sevDesk blog. However, with such sample texts you have no guarantee that they are really valid for your purpose. Documents created individually by a law firm are expensive, but usually safer for professional use.

WooCommerce and the GDPR

In the European Union, it is mainly the General Data Protection Regulation (GDPR) that is causing headaches for shop owners. See our GDPR guide for WordPress agencies and freelancers. WooCommerce has created its own update here with the most important basics for compliance with the regulation:

  • Easier creation of data extracts if your customers request them. Within the scope of the GDPR you are required to create such reports on demand.
  • Integrated approval process to verify the authorization of incoming data requests (according to the so-called double opt-in procedure).
  • Function to delete personal data on customer request.
  • The optional anonymization of orders.
  • Ability to set time limits for the retention of certain data in WooCommerce.

Free plugins such as WP GDPR Tools (GDPR) or Borlabs Cookie take on additional tasks, such as the integration of GDPR-compliant information on cookies. You should also have these checked by a lawyer. Special guidelines apply to tracking solutions such as Google Analytics or Facebook Pixel.

You can find special instructions for this in specialist magazines and blogs on the subject of online law. For Germany, Austria and Switzerland I recommend the blog of Thomas Schwenke.

In any case, you will need an extended data protection declaration with the GDPR. This contains, among other things, detailed information about the type of data processing in your company and with connected service providers. If applicable, your customers must agree to data processing by third parties via special checkboxes in the order process. These can be, for example, shipping service providers to whom you transmit information about the address of your customers and the order.

If you work with external companies, you may need so-called order processing contracts. These are special agreements with which your business partners guarantee that your customer data will be handled in accordance with data protection regulations. In some countries you have to create a data protection concept and appoint data protection officers. The European Commission has provided an information portal for all these requirements; the texts are available in several languages:

EU information on GDPR

Depending on how strict they are and how often they change in your country, you can easily get bogged down trying to comply with regulations. Such stress can easily hamper your experience of running your online shop. That's why I recommend outsourcing this task, more on this later on.

Further requirements for legal certainty

Special rules on EU VAT or sales tax apply, at least in the B2C area, for operators who deliver certain digital goods to EU countries. The amount of tax depends on where the customer lives. The regulation applies worldwide, regardless of the shop's headquarters. If you are affected by the guidelines, you must ensure uniform end prices in your online shop - even if you have several different recipient tax rates.

The complex calculation of the EU VAT can usually only be solved with additional plugins. Under the keyword "WooCommerce EU VAT" you can find different extensions for this purpose at wordpress.org, more about this in a moment.

There may be further specifications depending on the location of your online shop, industry or individual target countries of your orders. Make sure you consult an expert on which of these are relevant for you: 

  • Taxes for additional services, for example shipping costs or additional fees, often need to be calculated proportionately. This procedure is called split tax and depends on the goods and tax rates in the shopping cart.
  • When your visitors add products to their shopping cart, WooCommerce estimates the tax and shipping costs until the customer provides their address. Sometimes you are required to make this fact explicit.
  • If there are tax breaks for small and young companies in your country, they may have to be integrated into WooCommerce.
  • For products sold by weight, measure or volume, some countries require the display of the price per unit of measure or a basic price.
  • Do you distribute food, medical devices or software? There are different requirements depending on the target country as to what product information must be available where and in what form. These include, for example, the compatibility of software and e-books, nutritional values, ingredients, allergens, alcohol content, the type of packaging, quality and organic seals.
  • The double opt-in procedure is often required for both customer registration and outgoing emails.

Often you also have to add certain additional information to the prices on your product pages and in the checkout including:

  • The tax due
  • The delivery time
  • Notes on shipping costs
  • Information on the basic price and the price per unit

In some target markets, certain names are even prescribed for the Buy button. The same applies to invoices, delivery notes, cancellations and return notes, which are usually created directly by WooCommerce within the system. Here, too, there are sometimes mandatory specifications.

Some laws oblige you to operate your online shop with a secure connection via SSL. This should be a matter of course for a serious portal anyway. It also minimizes your business risk. Google also prefers portals that have an SSL certificate. Such a certificate is always included in the packages from RAIDBOXES.

WooCommerce plugins for Europe

As you can already see, the legal requirements in the EU are particularly strict, especially in Germany and Austria. You also have to deal with this if you only deliver to these target markets or your shop is available there. For the German-speaking market there are two special WooCommerce plugins that make your webshop as legally compliant as possible with little effort: German Market from MarketPress and Germanized from Vendidero.

You can implement the following functions without too much configuration: 

  • Legal text templates in which you only need to add your own information, for example your address. You'll receive new versions of the texts via the plugin update and you'll need to exchange these yourself. Alternatively, you can integrate services like Protected Shops. More on that in a moment. 
  • At all legally relevant points, necessary additional information such as taxes, delivery times, shipping costs, and the "price per unit" are displayed. The order in the checkout process also complies with legal requirements.
  • The plugins adjust your online shop to the GDPR. This includes, among other things, appropriate checkboxes. 
  • Split tax support, for example for shipping costs or fees, applied automatically. Automatic sequential invoice numbers.
  • Support of double opt-in for customer registration.
  • Age verification for goods with age restrictions such as alcohol or certain media.
  • Mapping of EU VAT and verification of the EU VAT identification number.

The plugins also support payment by SEPA direct debit as well as purchase on account. You can create individually designed PDF invoices, delivery or return notes. These not only look much more professional than WooCommerce's own emails, they are also legally compliant.

Neither plugin can guarantee 100% protection against warnings. They can, however, take a lot of work off your shoulders trying to make your webshop as legally secure as possible. It's essential to still have lawyers specialized in online law carry out a final check of your webshop. 

The plugin German Market also includes an automatic basic price calculation and a module for the Food Information Regulation. The latter is particularly important if you have to provide information on nutritional values or calorific values, allergens, ingredients, vitamins, minerals, weight, or other information for your products:

The module on the Food Information Regulation

The ability to connect to accounting systems such as lexoffice, sevDesk, the 1&1 online accounting system and the Billbee merchandise management system is very useful. Generally speaking, sooner or later you are going to need such systems for handling your finances and processes. An automated connection saves time and reduces the risk of transmission errors.

Service providers for legal certainty

For some European countries and languages, there are services such as Protected Shops, the Händlerbund, or the IT law firm. These services provide continuously updated legal texts to make your shop even more resistant to warnings. The providers also have interfaces to WooCommerce so the legal texts are automatically updated when the law changes. This considerably reduces the time you need to spend on administrative tasks.

The texts are partly available in different languages and for different European states, even if the services are based in Germany, as with the Händlerbund here:

Legal information on the Händlerbund portal

Multilingual legal texts are especially helpful if you want to offer your shop internationally. Or if you sell to the EU from other countries.

With some of these providers, you can purchase additional packages including, for example, legal advice or help in case of warnings. This may be an alternative to hiring your own law firm and not only an option for smaller online shops. In this case, you should make sure that you know exactly which services are covered by the service providers. Do they check that the structure of your shop pages complies with the law? Or the legal suitability of WordPress plugins? Large shops often follow a two-track approach here: they purchase a (more cost-effective) service for processes that can be standardized and, for more complex questions, they then commission a law firm specialized in online law. 

Conclusion and further tips

There are some good extensions available that make your WooCommerce shop as legally secure as possible - but no one can offer you 100% protection. You still need to get support from suitable specialist lawyers, especially at the beginning. Only they can estimate which additional measures are necessary for your business model.

We recommend that you include the "legal security" factor in the cost calculation for your online shop, especially if you can't implement all of the above points yourself. As soon as you include your own working time, a sum in the low five-digit range quickly becomes due before the first version of your webshop can go live. The ongoing maintenance is also quite expensive. You can find more information about this in the article Costs of WooCommerce.

You can find more tips on WooCommerce in our 70+ page e-book WooCommerce for professionals: Online shops with WordPress. It is aimed at freelancers, agencies, WP professionals, but also at beginners.


Contributing photo: Samuel Zeller
