When developing a high-performance website with WordPress, certain requirements will demand that your agency partner goes beyond the “out-the-box” functionality of the platform.
There are two main ways your agency partner may work with you to build out custom functionality:
- Plugins
- Bespoke development.
While plugins are the go-to option for many small and medium-sized businesses, it shouldn’t always be such a quick decision between those two options. If you’re working on an enterprise-grade website, your agency should always give careful consideration when determining the best approach in every scenario.
In this article, we’ll help you understand how to determine the right option between plugins and bespoke development for your own WordPress website.
Why Are WordPress Plugins so Popular?
Since WordPress is an open-source platform with a very active global community of web developers, there are tens of thousands of plugins readily available. For almost any use case you can think of, there’s almost certainly a plugin for it; probably even several.
Plugins serve so many businesses so well because they’re pre-built functionality that quite literally plugs into your platform.
One of the main reasons plugins are so popular, especially for smaller businesses, is because they’re usually free. This provides a great cost benefit over bespoke development, on top of the obvious benefits in the speed of attaining the new functionality as well.
Why You Should be Careful with Plugins
Despite their popularity, there are downsides to plugins too.
Relying on too many plugins, or using low quality plugins, may slow the speed of your site down significantly. A good WordPress development agency will try to keep the use of plugins at a minimum to ensure the speed and performance of your site isn’t compromised.
Poorly built plugins, or ones that aren’t maintained sufficiently, could also cause glitches and errors to occur with the functionality they’re adding to your site.
Security is another concern with certain plugins. If a plugin isn’t maintained and updated regularly, this will create vulnerabilities in your platform that could be exploited by malware or cyber security attacks. These vulnerabilities could also creep in if your plugins are auto-updated and left untested by your agency partner.
Some less experienced agencies often fall into the trap of using too many plugins, while others are simply unaware of the risks associated with plugins from untrusted sources. This has given a bad impression of plugins in some circles. The missing ingredient there, however, isn’t the value of plugins, it’s the agency’s best practices.
When to Use WordPress Plugins
If there’s a feature you need to add to your site that’s already been built perfectly in a trustworthy plugin, it’s worth considering that approach instead of building something from scratch.
However, here at SoBold, we ensure a strict set of best practices are followed, and due diligence conducted, every time we’re considering using a plugin.
We’ll always make thorough checks to ensure any plugin we use is best-in-class, aligned with our high-performance standards, and so should any other agency you work with.
This will include asking questions like:
- Does it have a large number of positive reviews?
- Is it built by an author with a good reputation?
- How active and trusted is the author in the WordPress community?
- When was the last date the plugin was updated?
- Has it been updated regularly enough in the past?
- Does the code quality meet our standards?
- Does the code align with modern WordPress development best practices?
- Is the plugin compatible with the WordPress block editor?
Before implementing a plugin on your platform, your agency should also use it in a local testing environment to ensure it functions as expected.
The majority of plugins are reliable, offering a quicker and easier approach than building something bespoke. However, there are many cases where bespoke development is the more suitable option.
When it’s Better to Use Bespoke Development
When it comes to sophisticated, dynamic websites, plugins may not be capable of delivering the required level of performance, security compliance, or functionality.
In these cases, your agency will turn to bespoke development to deliver what you need. This is often the necessary approach, because high-performance websites do require some complexity behind the scenes. And WordPress is arguably the best platform available today for bespoke web development.
Building out your platform by creating new features completely from scratch, tailored to your exact need, brings with it a wealth of advantages over using plugins.
This is particularly beneficial in terms of flexibility and customisation, giving you something entirely unique to your website. You’ll have complete control and ownership of your bespoke features, which provides greater security and seamless integrations with the rest of your technology systems.
Performance will almost always be superior with bespoke development, delivering a far greater user experience (UX) and improving your customer engagement as a result.
Bespoke development could even be more cost-effective in the long-run too, when compared to plugins that turn out to be problematic or aren’t updated past a certain point.
Rely on Your Agency’s Expertise
Determining whether to use a plugin or build something bespoke will be a decision your agency should guide you to make correctly.
Each website and each business are different, so the right option will be unique to your own requirements and circumstances. Therefore, it’s also worth mentioning that this must be specific to each individual requirement as well, rather than taking a blanket approach.
The decision shouldl be based on the most straightforward way to give you the capability you’re looking for. It will also involve ensuring that your site’s security, performance, and UX are maintained. Another important factor to consider are your circumstances, such as your budget, timeframes, the amount of traffic your website is likely to encounter, and so on.
For example, if your agency knows that one of your top priorities for your website is excellent performance, they’ll make different decisions in that case than they would if you were more concerned with the fastest possible time-to-market.
Some businesses even use plugins in the first phase of their website, then look to rebuild their plugin-based functionality with bespoke development when their business grows, or when they have more time and resources available.
It’s important to trust your agency partner with this decision and rely on their advice. This is why it’s so valuable to work with an experienced agency who understands your needs, so they can help you make the right choices and take the best possible option.
Finding the Right Balance for Your Website
Plugins can be very useful, and it must be said that many WordPress plugins are outstanding in their capability and quality. However, if your specific requirements demand more than a plugin can deliver, bespoke development will be the correct approach.
Regardless, it’s crucial to find the right balance to ensure your site’s performance, speed, and security are maintained.
Ultimately, your agency partner should always consider the specific requirements and circumstances of your project before deciding whether to use plugins or build bespoke functionality for your site. This makes it even more important to work with an experienced agency you can trust to guide you.
Discover more about the scalability and flexibility of the WordPress platform, and its ability to deliver complex requirements for enterprise websites, in our related article here: Just How Scalable is WordPress?
Would you like these insights straight to your mailbox?
- 24/7 support
- Back-up and disaster recovery
- Fully-managed service
- Automated monitoring and alerts
- 99.99% up-time
- 100% pass-rate for data centre audits.
- WordPress by itself, out-of-the-box, is secure enough for most businesses to use.
- WordPress in the hands of an inexperienced or negligent agency will create significant security risks.
- WordPress is the hands of a dedicated, specialist partner is a platform you can trust and rely on without any concerns.
- Your brand
- Your company values
- Your colour scheme
- Your typography
- Imagery and other visual content
- Structuring of pages
- And other visual components that are used to tell your brand’s story across your website’s design.
Digital Business
25 January, 2023
Is WordPress Secure Enough for Large Businesses?
Summary
Despite being the most popular content management system in the world, many large businesses and organisations in strictly regulated industries are still asking, “Is WordPress secure enough for us?”
This article will give you a detailed explanation of how WordPress can provide enterprise-grade security, to help you make your own decision about whether it’s secure enough for your own business. We’ll also share some helpful tips to enhance the platform’s security and reduce its risks even further.
As technology has become more pervasive in our daily lives, cyber security concerns have intensified, especially in the workplace. Each year, we read about more high-profile cases of global brands becoming victims of malicious cyber attacks, most often with sensitive data being the real target.
As a business, you should be increasingly careful and vigilant about the technology solutions you deploy today. This is even more important for large businesses and organisations in industries with strict regulations, where the consequences of security issues can be catastrophic.
When you’re choosing a content management system (CMS) to build critical digital assets like your website, security must therefore be a top priority.
Despite being the most popular CMSs in the world today – powering almost 45% of the world’s websites – WordPress is still seen by some as the platform for smaller organisations. You’d think its popularity alone would be sufficient evidence that WordPress is secure, especially as a large fraction of that user base includes enterprises across both the public and private sectors. However, when it comes to WordPress security, there are still some question marks.
So, is WordPress secure?
Yes, absolutely.
But there are certain factors and potential pitfalls you should be aware of if you’re considering WordPress as your CMS of choice.
Understanding Security in a CMS
As business challenges with cyber security and data protection continue to grow, selecting a platform that offers robust security is crucial. But how does that work, exactly?
Ultimately, a CMS like WordPress is just a piece of software, and all software can be vulnerable to security issues in a variety of ways.
The most obvious of these is a cyber security attack, either by hackers, a virus, or malicious software (malware). Any CMS used in a business environment needs to be built to withstand these attacks on a daily basis, and WordPress is definitely capable of doing so.
Another significant risk is when software has accidental weaknesses, issues, or vulnerabilities – known as bugs – built into its code. Bugs are common in software, and they can manifest as anything from a box appearing in the wrong place on your website to a platform vulnerability that leaks mission-critical data to cyber criminals.
Bugs aren’t difficult to fix, and we’ll explain later in this article why WordPress users can be confident that these kinds of risks are minimal with the platform.
However, when it comes to a CMS’s security, it’s important to understand the following point:
The biggest security risks, and the greatest opportunities for cyber criminals, are unsafe user behaviour, lack of best practices, insufficient maintenance, and poorly built sites. Not the platform itself.
Your behaviour, and the behaviour of your end-users, is an area that can be exploited or cause problems if you don’t prioritise security. That’s why it’s necessary to take a proactive, rather than reactive, approach to protecting your data. The rest of this article will help you do that, and remove any concerns you still have about WordPress security.
Is WordPress Secure?
The misconception that WordPress isn’t secure enough for large businesses still lingers, but why? Well, the main reason is because the platform is free-to-use, and so it was initially most popular among B2C blogs and smaller independent businesses.
Today, however, this couldn’t be further from the truth. Industry-leading enterprises such as private equity advisory firm Rede Partners LLP, global investment firm Coller Capital, and global research and advisory leader Forrester use WordPress for their CMS, just to name a few. This goes a long way to proving the apprehension towards WordPress security is unnecessary.
So, let’s explore the WordPress platform in more detail to understand why these global enterprises have full confidence in the security of their data, as well as the data of their clients and partners.
WordPress is already a secure, stable platform out-of-the-box.. You can rest assured its core code is highly secure, because it’s overseen by a team of security experts who thoroughly test and quality-check it on a continual basis. They regularly release updates and reinforce any potential weaknesses before they’re exploited to protect you against any new-found threats.
A team of security analysts study the ever-changing cyber security landscape and respond to it with speed and precision.
While WordPress may be seen by some as a CMS for small businesses, the speed at which security updates are implemented is arguably the best in the world when compared to other platforms.
WordPress is also open-source software, which means all the code it’s built on is available to the public. Anyone from outside the WordPress team can view it, download it, and make adjustments to it. Users often suggest their own changes and updates to the code by submitting them to the WordPress moderator team for approval. If improvements are made to the WordPress code, these updates will be released to the global user base.
These people are part of a global community of dedicated, passionate users who work hard to ensure the platform is always developing into the best version of itself possible. Anything WordPress’s own team misses, the developer community will catch. This means users are often fixing bugs and shutting down potential opportunities for cyber criminals, keeping the platform safe for everyone else.
WordPress Security Vulnerabilities
While WordPress does have the support of some of the brightest developers in the world, who keep it as secure as possible, they can’t take care of everything for you. As mentioned earlier, your biggest security risks will probably lie within your own business, regardless of what CMS you’re using.
Additional security vulnerabilities can arise in certain scenarios, often caused by ignoring best practices or failing to take responsibility for simple maintenance of the platform.
Web Hosting
Your hosting environment is an important factor that can influence how secure and protected your data will be. Your WordPress websites will be hosted in a server that stores your files and data in a data centre.
WordPress, like any platform, should be hosted in a secure environment, with an experienced provider who prioritises security as part of their services. This should include putting proactive security measures in place for scenarios like unplanned down-time or even natural disasters.
Secure hosting should also involve automated monitoring for malicious activity and vulnerabilities in your servers and software, as well as incident response.
Before choosing your hosting service, be sure to carry out some due diligence and look into the security best practices of your host. In many cases, it’s wise to work with an agency partner who will help you with this, but more on that later.
Plugins
While the WordPress community is one of the platform’s greatest strengths, interacting with unsafe additions to the software can also be its downfall for some businesses. It’s important to be cautious of the constant stream of new features, updates, and plugins being made available, because some of them could create issues for you.
To avoid these problems, you shouldn’t download plugins unless they come from recognised, credible sources. Furthermore, you should always ensure all your plugins are correctly tested, maintained, and updated.
We appreciate this may sound complicated. For that reason, you should entrust this responsibility to a partner. When using WordPress to build and manage websites, a good agency should help you ensure everything is secure and up-to-date.
Software Updates
When you’re running a website or application on WordPress, you’ll regularly receive software updates from the platform. Any time an update comes through, it’s because certain bugs have been fixed or some improvements have been made.
It’s crucial that you keep up with WordPress updates because they’re there to keep your site secure. By leaving your site running on outdated versions, you’re at risk of a known issue being exploited by cyber attacks. Again, this should be taken care of by your agency partner so you don’t need to worry about keeping your web platform up-to-date.
Tips to Strengthen WordPress Security
If you still have doubts, there are some simple steps you can take to further strengthen the security of the WordPress CMS. Some of these more general tips can also be applied to most website platforms and other software software products in general as well.
Use a managed hosting service that offers enterprise-grade security.
You wouldn’t rent an office in a building that leaves its doors unlocked at night. Why would you place your sensitive data in a data centre that isn’t fully secure?
Some things you should consider non-negotiable for a web hosting provider to offer include:
Put back-up and disaster recovery services in place to ensure you’re protected from all potential risks.
To build on the above point, ensure your hosting service has measures in place for back-up and disaster recovery. This fail-safe measure will give you a way to save and recover all your data in the event of any losses.
Do not use, or allow your agency to use, any plugins from unrecognised sources.
As mentioned earlier, only use plugins from sources you trust. You should also keep all plugins and additions to the platform up-to-date, and make sure they’re rigorously tested – or, rather, make sure you can rely on your agency partner to do this for you behind the scenes.
Use plugins alongside security-specific enhancements.
You can further bolster the security of the WordPress platform by leveraging security-specific plugins such as WordFence, Sucuri, and Defender Pro. These can inform you of potential vulnerabilities or incidents so you can respond quickly before they have an impact on your business.
Don’t use tools that enable direct access to your site database from within the dashboard.
Some digital tools or extensions give direct access to your site’s database or files from within the dashboard, to make managing your website easier. This is something to avoid, because they’re often a major security risk.
Enable SSL
Enabling SSL (Secure Sockets Layer) introduces a protocol which encrypts the transfer of data between your website and your users’ browsers. This makes it more difficult for cyber criminals to steal information and data online.
Encourage your users to follow security best practices.
You can put all the security measures and data protection possible in place, but they could all be for nothing if a weak password or bad behaviour compromises your website.
Some security best practices every business can easily implement include making strong passwords compulsory among all users and introducing additional measures like two-factor authentication.
Rely on an Expert to Minimise Your Security Risks
As touched on throughout this article, another factor which will determine how secure your WordPress platform is will be which agency you decide to work with.
While deciding whether to invest in WordPress is a big decision, don’t underestimate the importance of finding the right agency partner to support you with your CMS, especially when it comes to WordPress security.
Ultimately, you should understand that:
Your data will be fully protected if you work with an agency who takes security seriously and prioritises it at the core of every development task they deliver for you.
That means they should be capable of handling secure architecture, testing, monitoring, updates, and ongoing support for you as part of your service. You should always take the time and care to find a specialist agency partner who has a proven track record of building robust, reliable sites, to ensure you’re minimising your risk.
WordPress is a Suitable Platform for the Enterprise
Cyber security and data protection are critical for businesses of all sizes, across all industries. But it can’t be denied that large businesses often face more severe consequences by falling victim to a cyber attack or data breach.
Choosing a platform that you have total confidence in is a necessary factor in the process of evaluating your options for a CMS.
When you have your own role and responsibilities to focus on, the last thing you want is to be constantly worrying about the security of your site. Following the advice and best practices listed in this article will provide you with a highly resilient WordPress platform with enterprise-grade security. That will allow you to spend more of your time creating an outstanding website that differentiates you from your competitors and drives business growth.
If you need more help understanding and evaluating platforms to deliver a web design and development project, read our comprehensive guide to selecting the right solution here.
Would you like these insights straight to your mailbox?
UI Design
18 April, 2023
What is Visual Exploration in the Process of Web Design?
When a visitor lands on your website, the visual design is likely to be the first thing they’ll notice. It’s also usually the thing they’ll remember most.
75% of consumers reportedly judge a business’s credibility based on its website design. This first impression can make or break a prospective client’s interest in working with you.
The ultimate goal of your website is to attract and retain as many prospects as possible, and then convert them into clients. But most websites are designed in a way that leaves those goals unfulfilled, failing to reach their full potential.
With that in mind, your visual identity should be treated as a top priority within the overall design of your website. Believe it or not, this can have a significant influence on the growth and success of your business.
When working on a web design project, you should always go through a careful visual exploration phase to find the right visual identity for your website.
Whether you’re going through a full company rebrand or just refreshing the style of your website, it’s important to ensure your design is tailored to your specific target audience. This is how you begin to drive business growth through your website.
Without a visual exploration process, your website may not convey your company’s brand identity and values as clearly as you’d like it to.
In this article, we’ll outline the steps taken so you’ll know what to expect when working on a website design project.
What Does the Process Involve?
The purpose of this process is to define the best visual direction to take with your site.
This is a crucial aspect of your overall design, with aesthetic elements being brought together to create a look and feel that engages your site’s visitors and retains their attention. To achieve that, your visual design needs to establish a connection between your audience and your brand immediately. It should also demonstrate why your visitors should work with you.
Exploring your visual identity will cover a wide range of elements, including:
What are Mood Boards and How Can You Use them?
The main tool used to help determine the right visual identity is a set of mood boards.
These are a visual compilation of all the various elements that make up your website’s visual design. Each mood board is essentially just a single-page collage of design styles based on previous discussions and the findings from the research and planning phase of the process.
The aim of these is to capture your brand’s visual style and tone. This will give the stakeholders, and your designers, a shared understanding of the design you’re working towards.
Mood-boarding helps you visualise the work on your website’s design before it begins and agree on a design aesthetic that accurately reflects your brand identity and values.
Think of this like a problem-solving exercise. Your design agency will take a research and data-driven approach to conveying your brand identity, while also catering to your target audience and accommodating the latest industry trends.
Collaboration and Iteration
Like most processes within web design and development, this visual exploration process should be collaborative and iterative.
You’ll typically be presented with a mood board and a set of ideas by your agency partner, then given the chance to provide feedback across several rounds of revisions.
Rounds and revisions are always important in any creative process. It’s usually necessary for your agency to develop and present a minimum of three mood boards before the optimum aesthetic is agreed upon. This is a crucial step towards the ultimate goal of creating a new website that accurately reflects your brand and has a positive impact on your target audience.
Connecting with Your Clients Through Design
Your website’s visual identity is what makes your brand resonate with your target audience. Your design needs to clearly convey the values of your business, the quality of your products and services, and the reason why your visitors would benefit from working with you.
Working through this visual exploration phase is an important step towards designing a website that will attract more visitors and increase your conversions.
Once this visual exploration is complete, the next phase of your web design process will be to craft your website’s user experience (UX).
Would you like these insights straight to your mailbox?
Digital Business
7 November, 2022
The Top Five Benefits of WordPress for Large Businesses
If you’re responsible for marketing, you’ll be well aware of the importance of a great content management system (CMS) for digital products like your website, mobile apps, staff portals, and so on. You may even need to create bespoke digital processes or systems unique to your business, such as internal training platforms or communications channels.
WordPress is the most popular CMS available today, powering almost 45% of the world’s websites. That popularity is on the rise, too, as more and more businesses realise the vast potential of the platform and the benefits it can deliver.
However, there’s still a misconception that WordPress isn’t suitable for large businesses. That’s no more than a myth, though. In fact, some of the biggest companies in the world use WordPress for their CMS.
But what are the specific reasons why that popularity has spread into the enterprise market over the past decade or so? To answer that question, let’s take a detailed look at the benefits and advantages WordPress offers large businesses:
1 – Scalability and Agility
WordPress is famous for its high level of scalability. However large your company, or the size and complexity of your site – as well as the amount of traffic passing through it – WordPress won’t have any problem managing that load.
Scalability is one of its most prominent advantages for large businesses, because it’s also agile enough to easily evolve and grow alongside your changing requirements.
The platform is more robust than most realise as well, with enterprise-grade performance and speed. This great performance also means user adoption and retention will always be high, helping you drive strong return on investment (ROI) on all the digital products you build.
2 – Flexibility and Customisation
WordPress is equally renowned for its flexibility and customisation, which are particularly useful for complex or bespoke development projects. You can use its flexibility to build bespoke features and functionality into your website or create an entirely unique system from scratch.
In large organisations where company-specific processes and workflows are common within your sites, this makes WordPress a highly beneficial option.
3 – Fast Time-to-Market
Thanks to its simplicity and intuitive usability, WordPress is a very efficient platform to build with. That gives you the advantage of delivering development projects with a very fast time-to-market. This is a significant benefit of any CMS, as it helps you save time, reduce costs, and provides more opportunity to test, iterate, and innovate.
4 – Integration
WordPress is very easy to integrate with other systems. Because most large enterprises have a lot of legacy technology to consider when implementing new systems, this is a huge benefit WordPress has over more cumbersome CMSs.
WordPress also integrates very well with back-end systems that are vital to your daily operations, such as HubSpot, Salesforce, PowerBi, and so on. This minimises disruption to your business while integrating WordPress into your existing tech stack.
5 – Low TCO and Strong ROI
WordPress comes with a very low total cost of ownership (TCO) when compared to other options. Unlike most CMSs, you won’t need to invest heavily in adding new features or capabilities, and you won’t need to worry about expensive extra work to manage upgrades or updates from the platform.
Because WordPress is so agile and rich with dynamic capabilities and features, it’s also proven to deliver strong ROI in both the short and long-term.
From a long-term value perspective, your initial projects won’t just stop at initial implementation, either. As your project or requirements evolve and your business grows, WordPress can seamlessly adapt and grow with you.
Other Points to Consider
It’s important to remember that every business, and every project, is different. While the benefits listed here do make WordPress an excellent CMS, you should still carefully evaluate how well it aligns with your specific objectives, requirements, budget, and other needs.
It’s also important to understand that most businesses will need the support of an agency with platform-specific skills and expertise to help you leverage a CMS to its full potential. As is the case with all platforms, it will be vastly easier to achieve your objectives and gain greater ROI, if you have the support of an experienced specialist partner to guide you.
If you’d like to learn more about WordPress, or need help deciding whether it’s a suitable option for your own requirements, we have a comprehensive guide to evaluating and selecting the enterprise options for a CMS here.
Would you like these insights straight to your mailbox?
Company Milestone
3 December, 2018
SoBold selected to work with Transport for London
SoBold Limited (SoBold), a leading digital and web marketing consultancy, is delighted to announce that SoBold has been selected to work with Transport for London (TfL) to build, manage and support a bespoke Cookie Consent Management Tool for use across TfL’s portfolio of websites.
SoBold’s rapid growth over the previous 12 months has seen them become a leading player in the digital and web marketing space. SoBold’s core offerings are now used by over 200 customers worldwide and we anticipate this customer base to continue to grow considerably over the next 12 months and beyond.
SoBold has been an authorised Reseller of Cookiebot since the new General Data Protection Regulation (GDPR) came into place on 24 May 2018. Cookiebot’s tool consists of three main features: cookie consent, cookie monitoring and cookie control and SoBold work with their clients helping them manage, build and integrate these solutions onto their websites. SoBold now manage Cookie Consent Management for clients across numerous different industries.
Transport for London has completed a formal tendering process to procure a new Cookie Consent Management Tool for their tfl.gov.uk website domains. By procuring the tool, Transport for London is best able to align their approach to cookie management with the requirements of data protection legislation. SoBold will work with Transport for London, for a minimum of 12 months with the option of extending the contract for a further 24 months.
SoBold Founder and Managing Director Will Newland, commented:
“We are absolutely delighted to work with Transport for London. This gives SoBold the opportunity to work with a large, well known, corporation and we have no doubt we can play a big part in ensuring Transport for London’s customers can feel safe and confident when sharing information about themselves on the TfL website. This further strengthens SoBold’s position as a leading player in the Cookie Consent Management space.”
SoBold Lead Developer Sam Phillips, commented:
“This is a fantastic opportunity for SoBold to showcase our experience in the delivery of bespoke Cookie Consent Management solutions across a portfolio of websites with millions of visitors per month. The contract with TfL cements our position as a leading CookieBot reseller in the United Kingdom.”
Would you like these insights straight to your mailbox?
Development
9 November, 2023
Regulation of digital markets: Comparing UK and EU approaches
Digital markets have experienced significant growth and dominance by a few companies and their platforms, raising concerns about competition, consumer choice, and data access. To address these issues, both the European Union (EU) and the United Kingdom (UK) have introduced regulatory reforms.
The EU has implemented the Digital Markets Act (DMA) and the Digital Services Act (DSA), while the UK has proposed the Digital Markets, Competition, and Consumer Bill (DMCCB) and the Online Safety Bill.
We’ll look at the regulatory approaches taken by the EU and UK, highlighting similarities and differences in scope, applicability, the importance of consent and how to get started with compliance.
Data privacy regulations in the European Union
The Digital Markets Act applies to companies designated as “gatekeepers” by the European Commission. Gatekeepers are the owners and providers of what the Commission identified as core platform services (CPS), such as search engines, social networking services, video-sharing platforms, and cloud computing services.
Companies designated as gatekeepers must carry out self-assessments to determine that they have met and continue to meet both quantitative and qualitative criteria. The list of gatekeepers may grow or change over time based on these criteria.
The quantitative criteria include a minimum annual turnover of €7.5 billion in the EU and at least 45 million active monthly users on the relevant platform or service in the last three financial years. Qualitative criteria consider the impact, importance, and market position of the CPS provider.
The DMA’s requirements are similar in many respects to those of the EU’s General Data Protection Regulation (GDPR), but are broader in some ways, addressing additional access to and uses of end users’ personal data.
Data privacy regulations in the United Kingdom
The Data Protection Act 2018 (“DPA”) covers the general processing of personal data in the UK and came into force on 25 May 2018, just before the EU GDPR took effect.
Following the end of the Brexit Transition Period, the EU GDPR became part of UK law through the European Union Withdrawal Agreement, and the Data Protection, Privacy and Electronic Communications Regulations 2019 (Exit Regulations).
The EU GDPR gave rise to the UK GDPR, which came into force on January 1, 2021, as the EU GDPR no longer protected UK citizens’ data. It includes the provisions of the EU GDPR with only minimal changes to the core principles, rights and obligations for data protection.
The UK GDPR and the DPA 2018 (amended version) are now the principal data protection regulations in the UK. They require businesses to protect individuals’ data, obtain consent to collect and use it, and protect data subjects’ rights.
The Privacy and Electronic Communications Regulations (PECR) implemented the EU’s ePrivacy Directive (Directive 2002/58/EC) and sets out privacy rights relating to electronic communications. The PECR came into force in 2003 and .
The “British DMA”: Enter the Digital Markets, Competition, and Consumer Bill (DMCCB)
In the U.K., Parliament has yet to pass the British equivalent of the DMA, the Digital Markets, Competition, and Consumer Bill, or the DSA equivalent, the Online Safety Bill.
The DMCCB applies to digital commercial operations in the UK or affecting the UK market, which are deemed to have Strategic Market Status (SMS). The definition of a digital activity is broad and includes any service provided via the internet.
To qualify as an SMS, a firm must meet criteria such as conducting a digital activity linked to the UK, having substantial market power, and holding a position of strategic significance. Turnover thresholds of £25 billion global turnover and/or £1 billion UK turnover are also considered.
Obligations and requirements
European Union: Digital Markets Act
The DMA imposes various behavioral obligations on gatekeepers. These include allowing third-party interoperability, granting access to user-generated data, promoting fair competition, and prohibiting preferential treatment of the gatekeeper’s services.
Gatekeepers must appoint compliance officers and submit annual compliance reports to the Commission.
Additionally, gatekeepers are required to inform the Commission about mergers (any “intended concentration” irrespective of whether they’re notifiable under the EU Merger Regulation or national merger rules. (DMA Art. 14.).
United Kingdom: Digital Markets, Competition and Consumer Bill
Strategic Market Status (SMS) firms in the UK will be subject to strict behavioral obligations under the DMCCB. These obligations revolve around fair trading, open choices, trust, and transparency.
The specific requirements will be tailored by the Digital Markets Unit (DMU) and the Office of Communications (Ofcom), the regulatory bodies overseeing the DMCCB and the Online Safety Bill, respectively.
SMS firms must also report proposed acquisitions meeting certain thresholds to the DMU.
EU vs. UK processes
European Union: (Digital Markets Act)
The EU’s legislative-driven model designates gatekeepers based on size and imposes behavioral expectations through regulation. The European Commission develops and enforces these requirements for compliance from gatekeepers.
United Kingdom: Digital Markets, Competition and Consumer Bill (DMCCB)
The UK’s approach involves more regulatory discretion. The DMU and Ofcom determine if a company has Strategic Market Status and tailor specific remedies accordingly. This approach allows for a more flexible and tailored oversight of digital platforms.
Participatory regulation
In the UK, both the DMU and Ofcom adopt a participatory regulation approach. This means regulators work closely with target companies to develop behavioral expectations and codes that can be enforced. The companies conduct their own Duty of Care analysis, which is reviewed by regulators that provide guidance and work collaboratively to define behavioral codes.
This means that beyond what’s defined by the two regulations, gatekeepers and SMS are required to determine their own privacy requirements to apply to third-party businesses using their services.
The importance of consent management for EU, EEA and UK companies
While both the European Union’s Digital Markets Act (DMA) and the United Kingdom’s Digital Markets, Competition and Consumers Bill (DMCCB) emphasize the significance of obtaining user consent for data processing activities, there may be variations in specific requirements and implementation.
To address these differences and get ready for data privacy compliance, follow these steps:
1. Understand the regulations
Familiarize yourself with the specific consent requirements outlined in both the DMA and DMCCB. Identify any variations in terms of lawful bases for processing, explicit consent, and additional obligations.
2. Assess your website or online platform’s data processing
Assess your organization’s data processing practices and identify any areas of noncompliance. Scan your website and check its degree of GDPR compliance.
3. Implement a leading European consent solution
Choose a consent management platform that enables GDPR and ePrivacy-compliant user consent collection and signaling for DMA compliance. Ensure that the CMP provides features such as granular consent options, secure recordkeeping, and user-friendly interfaces.
The specifics of CMP implementation do depend on what platforms you’re using, like your CMS, as well as other tools, including Google Tag Manager and other services. Cookiebot CMP is flexible, has direct integrations with leading website platforms, and can be installed with just a few lines of JavaScript. There’s also a cookie WordPress plugin.
4. Customize consent banners
Tailor the consent banners displayed on your website or online platform to meet the specific requirements of each regulation. Provide clear information about data processing activities, purpose specification, and the ability to manage preferences.
5. Update your privacy policy
Review and update your privacy policy to align with the requirements of the DMA and/or DMCCB. Include details about the types of data collected, the purposes of processing, parties with access to the data, and how user consent is obtained and managed.
6. Train your team
Educate your staff about the nuances of both regulations and the proper implementation of consent management. Ensure they understand their roles and responsibilities in obtaining and managing user consent.
Final thoughts
The UK and EU regulatory initiatives are creating de facto global digital risk management standards, by taking significant steps to regulate digital markets and addressing concerns related to market dominance, competition, consumer choice, and data access.
While the EU has implemented the DMA and DSA, the UK is in the process of enacting the DMCCB and the Online Safety Bill. The approaches differ in some aspects, but there’s a shared goal of promoting fair competition and protecting consumer interests.
Would you like these insights straight to your mailbox?
