Large businesses and enterprises in need of a content management system (CMS) today are spoilt for choice, because there are plenty of excellent platforms available. From WordPress to Sitecore to Drupal, the technology currently on offer is highly intelligent and intuitive. 

But so much choice can make the task of finding the right CMS for your own specific business complicated and time-consuming.  

Selecting a CMS is an important decision that requires a lot of research, followed by careful evaluation of all the various options. Of course, those processes can be very time-consuming. When you’re already extremely busy juggling dozens of other priorities, it’s challenging to give this the attention and effort it deserves. 

To solve that challenge, we’ve done the bulk of the hard work for you. In a new series of articles, we’ll provide you with direct, objective comparisons between some of the leading options for CMSs, helping you relieve the headache of researching and evaluating them yourself. 

In the first article of this series, we’ll be looking at the comparison between Sitecore and WordPress.

How Does the Security Compare for Both Platforms?

As we face ever-increasing concerns with cyber security, data protection, and various other digital challenges, finding a platform with robust security should be a top priority. 

Sitecore Security

Sitecore has a reputation of being the leading CMS for large businesses, guaranteeing an enterprise-grade experience that includes a high level of security.

Sitecore’s security is also strengthened by the vast range of in-built features within the platform, which we’ll discuss in more detail later. There’s no need to purchase more third-party software or plug-ins to enhance its functionality, which means you won’t be creating any additional vulnerabilities or risks. The platform also receives frequent security updates which bolster your protection even further.

If security is a concern for your business, Sitecore should be high on your list of potential candidates for a CMS. 

WordPress Security

For a long time, many people believed the misconception that WordPress isn’t secure enough for large businesses. However, industry leaders such as global investment firm Blackstone, the NHS in England, global research and advisory leader Forrester, and multinational bank Standard Chartered now use WordPress for their CMS. This goes a long way to proving that wrong. 

In fact, WordPress is already a secure, stable platform out-of-the-box. So, where did this myth come from? 

Well, vulnerabilities can arise in certain scenarios. Firstly, strong security with any technology is dependent on a well-managed hosting environment. If you have WordPress hosted in a secure environment from an experienced provider, with proactive security measures in place, your risk will be extremely low.

Secondly, plugins are something to be cautious of when it comes to security, both in terms of where they come from and keeping them properly maintained. Security threats will be minimised if you only use plugins from trusted sources. You should also ensure you always keep them tested and updated, ideally working alongside security-specific plugins like WordFence.

We appreciate this may sound like a lot of work. That’s why all the examples of the businesses succeeding with WordPress have the support of an agency partner who ensures all these things are taken care of during the development stage. It’s worth noting, though, that this will also be the case when adopting any CMS in a business setting.

Which Platform is More Scalable? 

One of the most important aspects of a CMS is its scalability. A CMS is a long-term investment, and this is one of the most influential factors in determining whether that investment will be successful or not.

You’ll need to ensure your site can evolve as your business grows and your needs change over time. This will require an infrastructure that can quickly and easily scale with more pages, additional functionality, and perhaps even more sites, without the burden of hefty costs for more development work.

How Scalable is Sitecore? 

Sitecore is designed specifically for large businesses, so its scalability is up there with the very best. Sitecore is a robust platform that allows your digital presence to grow seamlessly as your business grows, even if you need to build multiple sites to serve different groups of users in different languages. 

How Scalable is WordPress? 

WordPress is another highly scalable platform. Despite some still mistakenly believing that WordPress is suited to smaller businesses, you can use the CMS to build sophisticated, industry-leading sites. Like Sitecore, WordPress is agile and scalable enough to grow alongside your business and adapt to your changing requirements. 

How Capable are these Content Management Systems?

The main purpose of a CMS is to provide a software-based infrastructure upon which you can build and manage websites and applications. While most CMSs are similar on the surface, with the same fundamental functionality, they each have unique features and capabilities that differentiate them

For example, one critical indication of quality for a CMS is how easy it is to use. Once you’ve adopted a platform, you and your colleagues will need to feel immediately comfortable using it on a daily basis. If a CMS can’t provide good usability, it’s probably one you should avoid.

Sitecore as a Content Management System

Sitecore is actually considered a fully managed ‘digital experience platform’ that comes with more capabilities than the average CMS. 

Most of its best features are readily available as soon as you begin using Sitecore. That allows you to get a high quality site live very quickly without additional work within the platform.

However, Sitecore typically provides quite hierarchical, complex workflows that might be frustrating for small or agile teams. This can also create longer development cycles than usual, giving you a slower time-to-market than more intuitive systems like WordPress.

WordPress as a Content Management System

WordPress is easily the most popular CMS in the world right now, with around 45% of all websites built on the platform. One of the main reasons for that is its ease-of-use, with simple and efficient content management

This usability allows you to get up-to-speed quickly and share responsibilities across several members of your team, even if they have no previous content management experience.

WordPress also makes it convenient to edit content on a page-by-page basis, saving you valuable time, with its block-based design an ideal method for customisation and site management.

How Much Personalisation do they Provide?

The ability to customise and tailor your site’s content to your target audiences is more important today than ever before, with so much of modern business now taking place online. Therefore, this is another important point to consider when choosing between your various CMS options. 

Personalisation in Sitecore 

When compared with other platforms, Sitecore’s personalisation is excellent. Sitecore will provide you with a great deal of control over the structure and design of your pages, allowing you to tailor your user experience and drive greater performance for your site. 

This is particularly useful for larger businesses with high volumes of potential site visitors, delivering competitive differentiation and driving increased conversion rates.

Personalisation in WordPress 

WordPress is also highly customisable. You can use its flexibility to get creative with your design, and build bespoke features and functionality to better engage with your audience.

There’s not much to separate Sitecore and WordPress in this area. The gap in personalisation becomes even smaller if you find an experienced agency with WordPress-specific expertise to help develop your site and improve your customer experience.

Integrating with Other Systems 

Before your business invests in any digital platform, it’s important to ensure that technology can integrate easily with your existing software. Whether it’s your customer relationship management (CRM) or any other marketing systems, any digital tools you currently have should ideally be compatible with your new CMS.

How Sitecore Integrates with Other Systems

Sitecore integrates well with other systems. It allows you to achieve out-of-the-box integration with most of the leading CRM software, and plenty of other digital tools and platforms.

How WordPress Integrates with Other Systems

WordPress tends to be the easiest platform to integrate with your existing systems, because most brands and other SaaS products have already made themselves compatible.

This means you can deploy WordPress with minimal disruption, regardless of whether you’re building a new site from scratch or migrating your current site from a different CMS.

Total Cost of Ownership (TCO) 

Of course, you’ll also want to ensure you’re getting a solution that will deliver good value for money. With a CMS, the total cost of ownership (TCO) can vary greatly from one platform to another, due to factors like licensing fees and update-driven maintenance. 

Sitecore Initial Investment and Ongoing Costs 

Sitecore is an expensive option, even if you have a large budget to work with. You’ll be required to purchase licences for the platform with an ongoing renewal fee each year. These licenses come in tiers, so if you want to access the full range of benefits from Sitecore you’ll have to opt for the most expensive offering.

On top of that, you’ll also need to account for development costs with an agency, hosting costs, maintenance and support fees, and various other expenses that give Sitecore a very hefty total cost of ownership (TCO).

Furthermore, Sitecore requires ongoing management and maintenance to handle regular large-scale updates to the platform. When updates occur, new versions of the software come with a big price tag and may cause you to pay for additional development work to get your site up-to-speed. 

However, this could be a worthwhile investment if Sitecore’s features and capabilities are necessary for your specific requirements. If you’re looking for a quality, trustworthy enterprise-grade platform, Sitecore can justify the cost. 

WordPress TCO and Value

Conversely, WordPress is a much more cost-effective solution with a drastically lower TCO. Licenses for WordPress come at no cost and the software is entirely open-source. That means your implementation costs would be limited to just hosting, agency fees, and post-deployment support. 

If you decide to use any plugins or extensions of the platform, these will be licensed and paid for separately. However, businesses rarely need to bolt on many new tools or capabilities because WordPress is such a feature-rich platform already.

When WordPress is updated, unlike Sitecore, managing and testing your site can be done in just a few hours at a much lower cost.

A Word on Agency Partners 

One thing both Sitecore and WordPress have in common is the small selection of platform-specific agencies who can build high performance sites for large businesses using this technology.  

A CMS becomes far easier to use, and easier to drive strong return on investment (ROI), if you have a specialist partner supporting you. 

Finding an agency with the necessary experience and expertise to help you leverage these platforms to their full potential should be another important influence on your choice. From integration, to development, to maintenance, all the benefits and advantages of the platforms will require an agency to help you fully unlock them. 

How to Make Your Decision 

So, with all that information, how can you decide between the two? 

Both of these platforms are excellent options that would serve most businesses extremely well. After all, there’s plenty of good reasons why some of the biggest companies in the world use Sitecore and WordPress. 

Ultimately, when looking for a CMS that’s the right fit for your specific business, you should make a detailed assessment of your strategic objectives, unique requirements, budget, users, and other important factors. Use that to determine which solution is most capable of meeting those needs.

If you still need more help working through this process, read our comprehensive guide to understanding and evaluating the enterprise options for large businesses here.

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy

Cyber security and data protection should be top priorities for your business right now. Of course, this is particularly important for large businesses, and those in strictly regulated industries like financial services, where the outcome of a cyber attack or data breach can be catastrophic. 

As these security concerns continue to intensify, you must be increasingly careful and vigilant about the technology solutions you use. You should also take more proactive steps to ensure everything in your tech stack is built and managed in a way that minimises your risks.

When it comes to WordPress, there’s a common misconception that the platform isn’t secure enough for large businesses. This misunderstanding tends to come from the fact that it’s free-to-use, so it was originally more popular among smaller independent businesses and B2C blogs. 

Today, however, WordPress is the world’s most popular content management system (CMS), and for good reason. Considering a significant percentage of that user base includes global enterprises, you’d think such popularity would be enough proof that it’s a secure platform. 

On the contrary, large businesses still ask us on a regular basis, “Is WordPress secure enough for us?” 

Is WordPress Secure? 

The answer to that question is, yes, WordPress is a secure, stable platform, even in its “out-of-the-box” state. WordPress’s core code is thoroughly tested and quality-checked by a team of security experts continuously. Not only that, but the same team regularly releases security updates and reinforces any potential weaknesses before they can be capitalised on by cyber criminals.

In fact, the speed at which security updates are implemented in WordPress is arguably the fastest in the world today when compared with other CMSs.

Additionally, WordPress is open-source software, meaning all its code is available to the public. Users are constantly suggesting changes and updates, often to fix bugs in the code and minimise opportunities for cyber criminals. This keeps the platform safe and secure for everyone else. 

But while WordPress does have the ongoing support of some of the most talented and devoted developers in the world, it’s not immune to security vulnerabilities. No software is, unfortunately. 

That’s why it’s important to be aware of, and work with, some fundamental best practices for security. Listed below are some steps you can take to further strengthen the security of the WordPress CMS.

Best Practices to Strengthen WordPress Security 

1 – Secure Hosting

The hosting service you choose for your platform will determine how secure and well protected your data will be. 

It goes without saying that WordPress should be hosted in a secure environment, overseen by an experienced provider who prioritises security within their services. 

Some things you should consider essential for a hosting provider include: 

• A fully-managed service with 24/7 support
• Automated monitoring and alerts
• Back-up and disaster recovery
• 99.99% up-time
• 100% pass-rate for data centre audits.

Before choosing your hosting provider, do plenty of research to ensure they’re able to provide these measures. Most businesses will work with a development agency partner for WordPress, and that agency should be able to help you with this process.

2 – Back-Up and Disaster Recovery 

Following on from the previous point, any good hosting provider should also offer back-up and disaster recovery services. These are like safety nets that will allow you to protect, save, and recover all your data in the event of any losses. 

3 – Be Careful with Plugins 

Plugins are a great way to enhance the WordPress platform with new capabilities and features. But you should only ever use plugins from reputable, credible sources, otherwise you could experience security problems.

It’s also important to keep all your plugins regularly tested, maintained, and updated. Again, this is an area where a WordPress agency partner will help you.

4 – Always Keep Your Platform Updated 

When you’ve built a website with WordPress, you’ll often receive software updates from the platform. Any time this happens, it’s because a bug has been fixed or some improvements have been made to the software.

Keeping up with these updates is so important from a security perspective, because they’re designed to keep your site secure. By letting your site run on an outdated version of the platform, you leave yourself at risk of a known issue being exploited by a cyber criminal or some malware. 

This is another thing that a good agency partner should take care of for you, so you don’t need to worry about keeping your platform up-to-date.

5 – Never Auto-Update Your Plugins 

You have the option to enable auto-updates within your WordPress platform. While this may seem like an easy way to keep your CMS up-to-date, doing so can create technical issues and security risks that simply aren’t worth the convenience. 

Each plugin you use will have its own button for you to turn auto-updates on or off. Any good agency will advise you to turn those auto-updates off and instead opt for a more secure approach to your updates, to maintain the resilience of your platform. 

6 – Use Security-Specific Plugins

Another way to reinforce the security of WordPress is by implementing security-specific plugins like WordFence, Sucuri, or Defender Pro. 

These handy tools will do a lot of the hard work for you, monitoring your platform and spotting potential vulnerabilities so you can fix them before they’re allowed to have any negative impact.

7 – Enable SSL 

A secure sockets layer (SSL) is a protocol which encrypts the transfer of data between your website and your users’ browsers. Enabling SSL makes it more difficult for cyber criminals to steal or compromise data online. Don’t worry, though, as this will be taken care of by your hosting provider as a standard practice. 

8 – Avoid Tools that Open Direct Access to Your Site Database from the Dashboard 

Some tools and plugins will enable direct access to your site’s database from within your CMS dashboard. While this can make certain aspects of website management easier for you, it also creates security vulnerabilities. This is something you should always avoid, because these additions are often severe security risks.

9 – Encourage Your Users to be Mindful of Security 

The biggest security risks, and many opportunities for cyber criminals, come from unsafe user behaviour, poor platform maintenance, and badly built sites.  

Your behaviour, and the behaviour of your end-users – and your agency – should always be mindful of security. If it’s not, sooner or later you’ll encounter problems. Some security best practices you can introduce include making strong passwords compulsory for all users and implementing measures like two-factor authentication.

10 – Find a Trustworthy Agency Partner to Support You 

We understand that following all these steps sounds like a lot of work. Of course, when you’ve got your own job to focus on, the last thing you need is to be spending time struggling through complex website security processes.  

That’s why it’s so valuable to find a reliable, trustworthy agency partner when using WordPress to build and manage websites. A good agency will ensure everything is secure and up-to-date for you, so you can spend more time providing outstanding services and experiences to your customers.

It’s always worth taking time to find an experienced agency with a strong track record of building robust, secure sites, to give you the peace of mind you deserve. That means they should handle your secure architecture, testing, monitoring, updates, and ongoing support for you as part of their services.

Being Truly Secure is an Ongoing Process 

When you’re selecting a content management system (CMS) to build critical digital assets like your website, security must be a top priority. It’s for that very reason more and more large businesses are looking to WordPress as their platform of choice. 

However, it’s equally important to choose an agency you can trust, and one that has these security best practices incorporated into their approach. This doesn’t just stop at the delivery of your website, either. True security is a constant ongoing process, and your agency partner should help you through that. 

Following the tips listed here will give you everything you need to build a resilient, secure website on WordPress, suitable for the enterprise. 

Interested in learning more about WordPress? Discover how a global enterprise achieved game-changing results by using WordPress to build a secure, innovative, bespoke solution. Check out the story of RedeWire from Rede Partners LLP here. 

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy

Summary

In the first few months of 2023, generative AI has burst on to the scene and begun to change our relationship with technology forever. Already, there’s plenty of evidence to suggest that people in a wide range of jobs will have to adapt quickly or risk being replaced. In this article, we explore the impact AI is having on the web design and development industry, as well as how businesses, and people, should approach working with this innovative technology. 

———

AI tools are nothing new. We’ve all been using them for years, from chatbots to predictive text to voice-controlled assistants like Siri and Alexa. But the recent mainstream adoption of AI tools such as Chat GPT, and the rapid advancement of the technology itself, has caused huge disruption across a number of industries. 

Many assumed that people like marketers, software developers, and UX and UI designers would be some of the last ones at risk of having their jobs taken by AI, due to their need for creative skill and use of human emotion. Ironically, these roles have been some of the first to come “under threat” over the past few months.

AI’s speed and efficiency is already forcing us to ask questions about the future of the web design and development industry. With that in mind, one question in particular has dominated discussion online so far this year:

Are our jobs in danger of being taken by AI? 

By now, you’re almost certainly aware that AI offers incredible value by accelerating workflows and augmenting skills. Some of the most beneficial use cases lie in: 

• Brainstorming and ideation
• Assistance in research and information-gathering
• Writing copy
• Writing code 
• Image and video creation 
• Data analysis 
• Automating manual processes.

AI can also devise entire business and marketing strategies, solve complex problems, and even create its own AI-powered applications from scratch. Perhaps most importantly, it can do all these tasks in a matter of seconds, when most of them would take a human several hours, days or even months. 

The Latest News and Tools (at the Time of Writing)

Over the past few months, there are more and more AI-powered tools being released on an almost daily basis. 

The number of AI tools that have been released recently is staggering, and the capabilities of some of them is truly mind-blowing. Just last month, in March 2023: 

• GPT-4 was released as an upgrade to Chat GPT. GPT-4 can understand images, process 25,000 words in one go, earn a top 10% score on complex exams, and even demonstrate some advanced reasoning capabilities. 

• Adobe released Firefly, which is a programme with a range of new generative AI features. It can create outstanding new content using simple language, with almost-unlimited creative options like turning 3D compositions into photorealistic images and automating advanced video editing processes. 

• GitHub launched CoPilotX, which can supposedly boost coding speed by up to 55%. CoPilotX has similar features to Chat GPT, but will be used by software engineers and developers to boost productivity and time-to-market. 

• And, just last week, Stability AI released its Stable Diffusion XL model, offering photorealism through an intricate editing interface. It’s reportedly built with around 2.3 billion parameters. 

It’s both exciting and terrifying to think these highly intelligent tools are just the tip of the AI iceberg. When you consider how common it’s now become to use AI to develop even more advanced AI, it seems that the rate of evolution will only continue to increase exponentially from here. 

How is AI Transforming Design and Development?

While these AI tools are extremely impressive, it’s not as straightforward as simply plugging them in and sitting back while they literally do your work for you. It’s possible we may get there one day, but right now we believe we’re a long way off.

These tools are highly sophisticated and intuitive, and their adoption is probably going to change the way we all work forever. However, this should be seen as technology that will augment and enhance people’s ability to do their jobs, or create new jobs entirely, rather than “steal” them away from us. 

The current use cases for AI are mostly just ways for you to do your work, much faster and more effectively. This could either be done by automating processes to save time, or by supplementing your existing skill-set with new capabilities with the help of AI. For example, if you wanted to convert your code from one language into multiple languages, you would be able to do this with the help of Chat GPT. 

When it comes to user experience (UX) design, one crucial thing AI will always be missing is human empathy, emotion, and understanding. A company looking to create a high-performance website that supports their strategic business goals and engages their target audience will fail if they don’t take into account human understanding and collaboration between them and their web development agency.

Outlining the What and the How is important, but the Why is arguably what drives great UX and UI.

“Design is not just a visual experience, it’s an emotional one. It should make people feel something.”

Nathan Shedroff, Author and Professor of Design Strategy

UX design is a nuanced, collaborative process, focusing on the specific requirements of the business and the specific needs of the target audience. You can save a lot of time using AI to produce a high volume of early conceptual designs or accelerate your copywriting process. But without the human element, none of these things will be authentic or anywhere near the required standard.

Potential Concerns and Risks with AI

Of course, we’ve not even mentioned the rising concerns and risks associated with AI yet. Just last month, over 1,000 technology leaders and influencers signed a petition to halt the development of generative AI until more governance can be introduced to ensure its safety.

There are still some serious grey areas regarding the use of this technology in business as well, from regulations and legal implications to the copyright of creative work like logos and images. These are providing opportunities for a wide range of new forms of cyber crime, phishing, and “deep-fake” imitations which could spiral out of control if left unchecked. 

There are also plenty of moral issues surrounding AI that we must consider. For example, what implications will there be for our society if global businesses do begin replacing humans with AI on a large scale? 

A key concern is that Generative AI is also having a significant impact on the environment, which is a conversation most people seem to be avoiding for the time being. With the global fight to reduce carbon emissions intensifying, and more businesses placing sustainability at the core of their values, there needs to be some action taken to balance those priorities with the efficiency and speed enabled by AI.  

The SoBold Perspective 

From our perspective, as a leading design and development agency, we believe that people will always want and need to work with other people. Personable relationships, real-life experience, and critical thinking are all essential parts of our work. In many cases, that’s also what many of our clients value most about our services. 

Granted, we’re always looking for innovative new ways to push the boundaries, and AI is an incredible tool that will help us do that. But it won’t replace crucial human characteristics like empathy, emotion, and subjective opinions. 

It will, however, help us spend less time on low-value tasks, and more time to focus on building stronger relationships and gaining a deeper understanding of our clients’ needs. That will only result in improving the work we deliver, which is something we’re always striving to achieve. 

The Verdict on AI (for Now)

This year will probably be looked back on as a turning point in history when AI was introduced to the world. But this technology won’t replace too many jobs just yet. Instead, it will enhance our ability to work smarter, faster, and more efficiently. 

For now, the only people at risk of losing their jobs to AI are those who fail – or refuse – to adapt to this new way of working and embrace the change. Similarly, if you’re using AI because you’re being lazy or complacent, that will also cause problems. You should never use work produced by a generative AI tool without checking its quality and accuracy, and you’ll always need to add a human touch before considering it finished. 

On the other hand, if you’re forward-thinking and agile, embracing AI will make you exponentially better at your job. Here at SoBold, we’re personally most excited by how AI has the potential to help us vastly improve the service we deliver for our clients.

Of course, this technology is evolving so fast that it’s difficult to predict where we’ll stand a year from now. We’ll be discussing this, and lots of other important trends, in our new monthly newsletter.

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy

SoBold are delighted to announce that we have obtained a sponsor licence in order to sponsor international skilled workers to come and work at SoBold.

SoBold have always put heavy emphasis on hiring the best global talent for our needs, and we have strengthened our ability to do this by obtaining a Skilled Worker Sponsorship Licence. 

With all sponsorship licences that the Home Offices grants they need to be reassured that the sponsors can live up to the “significant trust” that the department places in them. The Home Office further made checks that SoBold is a “honest, dependable and reliable” workplace, and capable of meeting the responsibilities that it expects from sponsors.

Since being granted our Skiller Worker Licence, we have been fortunate enough to put it to use to hire two new team members. 

Anna de Moraes, joined SoBold, from Portuguese company, SpringParrot. Anna had been able to work remotely, and was living and working from the UK, when she got in touch with SoBold. Anna, who is natively from Brazil, said of the process: 

“​The steps were pretty clear and the whole process was quite simple. I’ve had friends waiting years for their visas to be approved while we were able to complete everything in a short period of time! I was already excited to start and, in a blink of an eye, I was finally part of the SoBold team!”

More recently, SoBold hired Santosh Gajera as a Back End WordPress Developer. Santosh has relocated from India in order to provide his services to SoBold. When asked about the process behind him getting his Skilled Worker VISA granted, Santosh said:

“To keep my IT career moving forward, I needed sponsorship from an organisation that sponsored my visa. SoBold has been an invaluable help in obtaining my Tier-2 (Skilled worker) visa. I am very thankful to their hard work and professionalism. My documents were handled very scrupulously by them, and they provided full support throughout the whole application process . I got my visa approved in two days, which is amazing, and they handled everything for me.”

SoBold worked with all-in-one digital platform, Nation Better in order to achieve our sponsorship licence and the process was streamlined, affordable and transparent.

SoBold already have a diverse talent pool, with staff from all over Europe, and with the help of Nation Better, we have been able to improve the way in which we hire international talent and open up opportunities further afield. We look forward to continue growing our team with exceptional overseas talent and have access to a wider talent pool.

SoBold Managing Director, Will Newland said:

We are absolutely delighted to welcome both Anna and Santosh to the SoBold team. Without our Sponsorship Licence we would be missing out on a large pool of talent that is the future of our business. We very much look forward to continuing to use our Sponsorship Licence to our advantage and giving skilled employees the opportunity to come and work here at SoBold.

For more information on what current vacancies we have, please visit our website careers page.

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy

Digital markets have experienced significant growth and dominance by a few companies and their platforms, raising concerns about competition, consumer choice, and data access. To address these issues, both the European Union (EU) and the United Kingdom (UK) have introduced regulatory reforms.

The EU has implemented the Digital Markets Act (DMA) and the Digital Services Act (DSA), while the UK has proposed the Digital Markets, Competition, and Consumer Bill (DMCCB) and the Online Safety Bill. 

We’ll look at the regulatory approaches taken by the EU and UK, highlighting similarities and differences in scope, applicability, the importance of consent and how to get started with compliance.

Data privacy regulations in the European Union 

The Digital Markets Act applies to companies designated as “gatekeepers” by the European Commission. Gatekeepers are the owners and providers of what the Commission identified as core platform services (CPS), such as search engines, social networking services, video-sharing platforms, and cloud computing services. 

Companies designated as gatekeepers must carry out self-assessments to determine that they have met and continue to meet both quantitative and qualitative criteria. The list of gatekeepers may grow or change over time based on these criteria. 

The quantitative criteria include a minimum annual turnover of €7.5 billion in the EU and at least 45 million active monthly users on the relevant platform or service in the last three financial years. Qualitative criteria consider the impact, importance, and market position of the CPS provider.

The DMA’s requirements are similar in many respects to those of the EU’s General Data Protection Regulation (GDPR), but are broader in some ways, addressing additional access to and uses of end users’ personal data. 

Data privacy regulations in the United Kingdom 

The Data Protection Act 2018 (“DPA”) covers the general processing of personal data in the UK and came into force on 25 May 2018, just before the EU GDPR took effect.

Following the end of the Brexit Transition Period, the EU GDPR became part of UK law through the European Union Withdrawal Agreement, and the Data Protection, Privacy and Electronic Communications Regulations 2019 (Exit Regulations). 

The EU GDPR gave rise to the UK GDPR, which came into force on January 1, 2021, as the EU GDPR no longer protected UK citizens’ data. It includes the provisions of the EU GDPR with only minimal changes to the core principles, rights and obligations for data protection.

The UK GDPR and the DPA 2018 (amended version) are now the principal data protection regulations in the UK. They require businesses to protect individuals’ data, obtain consent to collect and use it, and protect data subjects’ rights.

The Privacy and Electronic Communications Regulations (PECR) implemented the EU’s ePrivacy Directive (Directive 2002/58/EC) and sets out privacy rights relating to electronic communications. The PECR came into force in 2003 and .

The “British DMA”: Enter the Digital Markets, Competition, and Consumer Bill (DMCCB)

In the U.K., Parliament has yet to pass the British equivalent of the DMA, the Digital Markets, Competition, and Consumer Bill, or the DSA equivalent, the Online Safety Bill.

The DMCCB applies to digital commercial operations in the UK or affecting the UK market, which are deemed to have Strategic Market Status (SMS). The definition of a digital activity is broad and includes any service provided via the internet. 

To qualify as an SMS, a firm must meet criteria such as conducting a digital activity linked to the UK, having substantial market power, and holding a position of strategic significance. Turnover thresholds of £25 billion global turnover and/or £1 billion UK turnover are also considered.

Obligations and requirements

European Union: Digital Markets Act

The DMA imposes various behavioral obligations on gatekeepers. These include allowing third-party interoperability, granting access to user-generated data, promoting fair competition, and prohibiting preferential treatment of the gatekeeper’s services. 

Gatekeepers must appoint compliance officers and submit annual compliance reports to the Commission. 

Additionally, gatekeepers are required to inform the Commission about mergers (any “intended concentration”  irrespective of whether they’re notifiable under the EU Merger Regulation or national merger rules. (DMA Art. 14.).

United Kingdom: Digital Markets, Competition and Consumer Bill

Strategic Market Status (SMS) firms in the UK will be subject to strict behavioral obligations under the DMCCB. These obligations revolve around fair trading, open choices, trust, and transparency. 

The specific requirements will be tailored by the Digital Markets Unit (DMU) and the Office of Communications (Ofcom), the regulatory bodies overseeing the DMCCB and the Online Safety Bill, respectively. 

SMS firms must also report proposed acquisitions meeting certain thresholds to the DMU.

EU vs. UK processes

European Union: (Digital Markets Act)

The EU’s legislative-driven model designates gatekeepers based on size and imposes behavioral expectations through regulation. The European Commission develops and enforces these requirements for compliance from gatekeepers.

United Kingdom: Digital Markets, Competition and Consumer Bill (DMCCB)

The UK’s approach involves more regulatory discretion. The DMU and Ofcom determine if a company has Strategic Market Status and tailor specific remedies accordingly. This approach allows for a more flexible and tailored oversight of digital platforms.

Participatory regulation

In the UK, both the DMU and Ofcom adopt a participatory regulation approach. This means regulators work closely with target companies to develop behavioral expectations and codes that can be enforced. The companies conduct their own Duty of Care analysis, which is reviewed by regulators that provide guidance and work collaboratively to define behavioral codes.

This means that beyond what’s defined by the two regulations, gatekeepers and SMS are required to determine their own privacy requirements to apply to third-party businesses using their services.

The importance of consent management for EU, EEA and UK companies

While both the European Union’s Digital Markets Act (DMA) and the United Kingdom’s Digital Markets, Competition and Consumers Bill (DMCCB) emphasize the significance of obtaining user consent for data processing activities, there may be variations in specific requirements and implementation.

To address these differences and get ready for data privacy compliance, follow these steps:

1. Understand the regulations

Familiarize yourself with the specific consent requirements outlined in both the DMA and DMCCB. Identify any variations in terms of lawful bases for processing, explicit consent, and additional obligations.

2. Assess your website or online platform’s data processing

Assess your organization’s data processing practices and identify any areas of noncompliance. Scan your website and check its degree of GDPR compliance.

3. Implement a leading European consent solution

Choose a consent management platform that enables GDPR and ePrivacy-compliant user consent collection and signaling for DMA compliance. Ensure that the CMP provides features such as granular consent options, secure recordkeeping, and user-friendly interfaces.

The specifics of CMP implementation do depend on what platforms you’re using, like your CMS, as well as other tools, including Google Tag Manager and other services. Cookiebot CMP is flexible, has direct integrations with leading website platforms, and can be installed with just a few lines of JavaScript. There’s also a cookie WordPress plugin.

4. Customize consent banners

Tailor the consent banners displayed on your website or online platform to meet the specific requirements of each regulation. Provide clear information about data processing activities, purpose specification, and the ability to manage preferences.

5. Update your privacy policy

Review and update your privacy policy to align with the requirements of the DMA and/or DMCCB. Include details about the types of data collected, the purposes of processing, parties with access to the data, and how user consent is obtained and managed.

6. Train your team

Educate your staff about the nuances of both regulations and the proper implementation of consent management. Ensure they understand their roles and responsibilities in obtaining and managing user consent.

Final thoughts

The UK and EU regulatory initiatives are creating de facto global digital risk management standards, by taking significant steps to regulate digital markets and addressing concerns related to market dominance, competition, consumer choice, and data access. 

While the EU has implemented the DMA and DSA, the UK is in the process of enacting the DMCCB and the Online Safety Bill. The approaches differ in some aspects, but there’s a shared goal of promoting fair competition and protecting consumer interests.

Would you like these insights straight to your mailbox?

Your emailSubmit

I consent to my submitted data being processed and stored by SoBold in compliance with Privacy Policy