SoBold are thrilled to announce that they have been shortlisted for the B2B Website of the Year at the UK Digital Growth Awards.
SoBold and Kapow Primary have been working closely together since 2019 to provide teachers with rich lesson plans and engaging experiences for their classrooms.
This nomination is a proud moment for everyone at SoBold & Kapow Primary, highlighting their hard work and dedication.
Leonardo Esposito, Senior Back End WordPress Developer at SoBold.
“When Kapow started, I was just a few months in with SoBold, and I’ve been one of the main developers on the project ever since. It’s incredible how both the project and I have grown. As I became more experienced as a developer, learning new concepts and understanding new things, Kapow was evolving as a platform. The project is now very challenging as there’s more at stake, and it’s so rewarding to see any new feature released successfully, making both Kapow and our customers happy”.
Our Story
How it began
Our journey with kapowprimary.com began in 2019. At that time, Kapow Primary was in its nascent stages, serving 20 schools. Since then, they have grown into a comprehensive online platform, offering lesson plans, resources, and interactive features for primary school foundation subjects.
We joined forces, collaborated and actively contributed to the website design, development and SEO strategy to improve and enhance the website, ensuring it met the needs of teachers.
The dedicated Kapow Primary team at SoBold
What we achieved ⭐
Fast forward to 2024, and Kapow Primary has grown exponentially, now serving over 6,700 primary schools!
This growth is a testament to the website’s value and the dedication of our teams. We’re excited about what the future holds as we continue to expand and grow. 👀
Here are some key highlights from the past 18 months:
Interactive History Timeline
This feature lets teachers and pupils explore historical periods interactively. It’s a fun way to engage with history, allowing simultaneous exploration of different periods and making historical events more vivid and memorable.
Presentation Mode
We developed a presentation view that streamlines lesson plans. This feature enhances the learning experience for students and saves teachers valuable preparation time, allowing them to focus more on teaching and less on admin.
Curriculum Hub – Coming soon!
The national curriculum can be quite overwhelming! To help with this, we developed a hub that houses national curriculum resources in one place and shows how they align with Kapow Primary’s lesson plans, taking the headache away!
At the heart of everything we do is the commitment to giving teachers the best experience possible. We have a dedicated team to make this happen. Each new addition is crafted with this in mind, ensuring that Kapow Primary remains a trusted educational resource.
Final thoughts
Being nominated for this award means a lot to our team. It’s a recognition of the hard work, dedication, and passion that everyone at SoBold and Kapow Primary has put into this. We are deeply invested in the continuous improvement and growth of Kapow Primary.
Winning this award would be an incredible achievement and well-deserved recognition for everyone involved.
Would you like these insights straight to your mailbox?
- A fully-managed service with 24/7 support
- Automated monitoring and alerts
- Back-up and disaster recovery
- 99.99% up-time
- 100% pass-rate for data centre audits.
Company Milestone
8 June, 2021
SoBold is a Proud Clutch 100 Fastest-Growing Company for 2021
Clutch is a B2B review and rating platform that spans the IT, marketing, and business services industries. The site annually holds an awards cycle to celebrate the best and brightest service providers from the aforementioned sectors. SoBold are delighted to be one of the Clutch 100 fastest-growing companies for 2021!
“The Clutch 100 growth lists represent the top service providers based on revenue growth over the years,” said Clutch Founder Mike Beares. “Their recognition is only possible because of their willingness to participate and their commitment to delivering the best services to their clients.”
“We are delighted to be recognized as a Clutch Leader. This award highlights our consistent project success and growth as a business,” said SoBold Managing Director, Will Newland.
Would you like these insights straight to your mailbox?
Industry News
21 June, 2022
Pixel Pioneers Bristol 2022
If you’ve never been to a conference of any type before, you possibly think you already know the important areas of your profession and can find out any developments from your colleagues or the internet. At least that’s what I thought prior to attending Pixel Pioneers 2022.
Which option sounds more appealing to you? Pick up extra skills on occasion, or go to a conference and absorb a mega-dose of industry knowledge, make connections and enjoy exploring fresh surroundings? Luckily at SoBold we have the opportunity to do both.

The conference covered both ends of the telescope – from broad topics such as energy consumption, to a fifty minute talk about the brief three milliseconds your screen goes blank in between webpage loads. How the visually impaired experience the internet, to technical developments in styling / fonts.
My personal hero was Chris How – his mantra of valuing your customer’s time and giving them small moments of delight strongly resonated with me. In accordance, I want to guide you through the content of the conference, with links to the core material that will best replicate what the SoBold team saw, whilst valuing your precious time.
GAVIN STRANGE : Less Thinkering, More Tinkering
A must watch to boost your levels of creativity. Gavin shares his personal and professional projects with Aardman Studios. Lots of useful insights into reaching the pinnacle of creativity. Highly engaging delivery, visuals and plenty of ‘further reading’ material. Definitely worth watching in entirety. Gavin Strange website – will give you a sense of his creative flair and influences. https://www.jam-factory.com/
“It’s better to beg for forgiveness, than ask for permission.”
Gavin Strange

BIANCA BERNING : Variable Fonts – WTF?
From a technical and design standpoint, learning about variable fonts is incredibly useful. Towards the end Bianca veers into the potential application of variable fonts – imagine a world where your computer mutates its content to fit the viewer’s specific needs. If you’re looking for new avenues for unique artistic features for your website – this talk is for you. Everyone should have a play with variable fonts – try it here https://v-fonts.com/

CHRIS HOW : You Got to Fight for the Right to Delight
Chris’s choice of examples and commentary is intentionally entertaining and eclectic. His approach to design changes your criteria for success and also would decisively influence your next project. Essential viewing. Whether you’re a seasoned designer or developer short of a design, this talk will give you a guiding direction. Information on the Kano product roadmap here. https://www.productplan.com/glossary/kano-model/

LÉONIE WATSON : Accessibility: The Land That Time to Interactive Forgot
Visually impaired people experience the internet through screen readers – the internet described in words. Léonie’s valuable insight will definitely re-balance your priorities and appreciation for how websites should function. Some of the technical history she overviews was a bit lost on the audience but the switch in mindset is valuable. Important to dip into, especially for gleaming a deeper understanding of how a web document is compiled and loaded. It might sound ‘techy’ but it’s like understanding how our lungs work – illuminating. If you haven’t viewed any of your own websites using a screen reader – you definitely should. For a great sense of how the net is best experienced for visually impaired users – just check out her website – tink.uk
LUKE MURPHY : Lightning Talk: Design Tokens – Searching for a Source of Truth
Design Tokens act as a very useful tool for blending the boundaries of where design and development meet, in fact, they act as a technical element that affect design and development in equal measures. If you have no idea what a design token is – this talk could unlock a tonne of structure for your product. Here’s an overview article on design tokens

HANNAH SMITH : How to Make Digital Services More Sustainable
Hannah Smith’s talk invited us to critique our energy consumption and make changes to our habits as both consumers and producers of digital content. She makes the case that space travel is a waste of resources, and that using less lays the path to fulfilment. See if her arguments resonate with you. Hannah’s book recommendation – Doughnut Economics by Kate Raworth
JHEY TOMPKINS : Supercharge Your Skills with Creative Coding
A mad professor of CSS and JavaScript – Jhey has a mixture of technical tricks and interesting libraries for speech recognition. Deadpan yet full of colourful examples, Jhey clumsily demonstrates his collection of magical creations and challenges you, the developer, to break out of your ‘siloed’ mentality for visual presentation. Check out his catalogue of wondrous CSS/JS creations here

STUART LANGRIDGE : You Really Don’t Need All That JavaScript, I Promise
Painting with the broad brushes down to the nat-hair infinitesimally small details, Stuart reminds us of the importance of returning to the basics in order to best utilise the web. Unfortunately some of the libraries he suggests do not have extensive compatibility and thus aren’t for mainstream production… yet. His insight does provide a deeper understanding of the mechanics of the tools we use, although the message is quite drawn out. Example of the shared transitions js library https://codepen.io/drenther/pen/NjzeOO
RACHEL ANDREW : What’s New in CSS?
Rachel Andrew – new css features either in or emerging from or newly arrived from CSS-land. Truly at the coalface of emerging CSS features. For a frontend developer it was akin to being shown new letters in the alphabet that were being proposed. A summary of similar information can be found here – https://www.smashingmagazine.com/2022/03/new-css-features-2022/

Bristol itself is well worth a visit – a centre for nightlife, hedonism and youthful idealism. Simply walking around the harbour area in the daytime will refresh your appreciation for one-of-a-kind shops and overflowing street art. Make sure you have plenty of free space in your phone for all the photos. The SoBold team had a very enriching experience and bonded even tighter as a team. I hope to see you at the next one!
Links to the conference videos will be available via the Pixel Pioneers website.
Would you like these insights straight to your mailbox?
Latest from agency
26 May, 2023
Contentful vs WordPress: Which Platform is the Best Choice for You?
Deciding between two content management systems (CMS) is no easy task. Your CMS is an important long-term investment, so you must ensure you choose a platform that will meet all your requirements, both now and in future.
If you’re currently weighing up the pros and cons between Contentful and WordPress, there are some key differences between the two platforms that you should be aware of.
To make this evaluation process easier for you, and help you pick the best option for your business, this article provides a direct, objective comparison between these platforms.
Platform Overviews
Different types of software will provide you with different capabilities and limitations. The Contentful and WordPress platforms can both deliver quality enterprise-grade websites, but they each take a slightly different approach.
Contentful
Contentful is a cloud-based “headless” CMS. Being headless means that the back-end of the platform you use to publish, edit, and manage content is not directly connected to the front-end of your live website.
Your content is managed and stored in one central hub, hosted within the cloud, and this is the back-end of your platform (also known as the “body”). APIs are then used to take your content from the back-end and present it in website form.
A headless CMS gives you a high level of flexibility and customisation with your website’s front-end. These same APIs allow you to publish your content in different formats in different channels as well, facilitating a multi-channel approach to marketing.
This makes Contentful a flexible platform that can meet a range of different content requirements, but it is admittedly more complicated than the traditional approach to website management.
WordPress
WordPress is a traditional CMS that provides a more straightforward approach to managing your website. You can use WordPress to build sophisticated, dynamic sites with a simple, user-friendly set of tools.
While most businesses use WordPress in the traditional way, the platform can be leveraged with a headless approach as well, allowing it to match the scalability and multi-channel capabilities of solutions like Contentful.
WordPress gives you the flexibility to choose how you’d like to develop your website, based on the complexity and size of the project, and the objectives you’re trying to achieve. In the likely case that you’re working with a web design and development agency, that can all be handled for you by your partner.
The Scalability of Each Platform
Your business will grow and evolve over time, so you need a platform that can quickly and easily scale up with new features and functionality. You also need to ensure the platform can handle high volumes of traffic and maintain performance as your audience grows. That’s why scalability is one of the most important aspects to consider when choosing a CMS.
How Scalable is Contentful?
One of the main benefits of a headless CMS is that the infrastructure allows you to grow your digital presence rapidly, on a large scale.
The back-end offers easy customisation, and the cloud-based nature of the platform allows you to scale up dynamically whenever you need to.
Its multi-channel capabilities also inherently promote the idea of developing your content in different formats at a larger scale, while always maintaining consistency. This enables you to produce individual pieces of content once and easily repurpose them across different channels a number of times, saving valuable time and resources.
This can all be done without any concerns over technical issues like server capacity or network bandwidth, because the platform is delivered in a software-as-a-service (SaaS) model.
How Scalable is WordPress?
WordPress is a highly scalable platform in its own right, currently used to power the websites of some of the largest and most successful businesses in the world.
The platform is agile and scalable enough to grow seamlessly alongside your business and adapt to your changing requirements, whichever way you decide to use it.
As mentioned earlier, taking the headless approach with WordPress can provide the same enhanced scalability and pervasive multi-channel capabilities as Contentful, if you require those aspects from your CMS. This can also deliver benefits with speed of development and time-to-market, saving you valuable costs with your agency partner.
Expanding your WordPress site with the more traditional approach is made even easier than most other CMSs as well, thanks to the platform’s unique block-based editor. This is a method of building websites that provides great benefits in the areas of flexibility, efficiency, and ease-of-use.
WordPress also allows you to continually enhance your site with new features and functionality through bespoke development, with almost no limitations on what can be achieved.
Ease-of-Use
Like all technology, some tools are more approachable for the majority of users, while others will require some existing skills. This makes ease-of-use a key part of your criteria when selecting a platform to manage your website. You’ll be using it almost every day, after all, so you need to be comfortable with it.
How Easy is Contentful to Use?
While Contentful being solely a headless CMS does have its advantages, such as scalability and customisation, this approach also creates some challenges for the average user.
For example, adding content to Contentful can be difficult because it doesn’t provide you with a way to preview how your content will look in the front-end of the website.
Contentful doesn’t have a simple editing interface on the front-end, so there’s a much higher risk of error with this platform than with most others.
Granted, Contentful’s user interface (UI) is well structured and intuitive, but it’s also known for being more difficult for non-technical users than platforms like WordPress.
Handling the API rules is also complicated without the help of an experienced web development team. If you’re working with an agency, you may end up calling on them regularly for tasks that you could likely handle yourself in other CMSs.
How Easy is WordPress to Use?
Conversely, WordPress is renowned for its simplicity and ease-of-use. Even if you don’t have any existing knowledge of coding or content management, WordPress is very approachable and easy to learn.
When you first get started with WordPress, virtually everything you need to set up and manage your website will be readily available within the platform.
Publishing, managing, and editing in WordPress are all quick and convenient, thanks to an intuitive back-end that provides you with everything you need to build out a content-rich website.
Thanks to this ease-of-use, most of the people within your team will be able to use WordPress, allowing you to share the responsibility of the daily management and running of your site.
It is worth noting that taking a headless approach with WordPress does also require experienced web developers to be able to manage the platform though.
Security
Security should always be a top priority with any software you introduce into your business. If you’re considering a CMS that seems like it could be unable to provide the enterprise-grade security you need, it’s wise to continue looking for more reliable alternatives.
How Secure is Contentful?
As a cloud-based SaaS product, Contentful comes with useful in-built security features, including HTTPS data encryption, role-based access controls, and multi-factor authentication.
Headless CMSs also take a different approach to security compared to traditional platforms like WordPress. Its use of APIs allows you to control access to your content through a token-based authentication system, and it uses industry-standard encryption and secure storage measures to protect your data. With that in mind, Contentful should be seen as a very secure and robust platform.
How Secure is WordPress?
WordPress is a secure, platform. To find proof of this, you only need to look as far as the wealth of global enterprise businesses that have chosen WordPress as their CMS.
As with any software, though, there will always be vulnerabilities or potential risks that can arise in certain scenarios. For example, WordPress regularly releases updates to its software, and failing to test your platform upon these releases could lead to bugs or security issues creeping in. Similarly, certain plugins can create security problems if taken from the wrong sources or left untested for too long.
Finding an experienced agency partner you can depend on is usually a wise move to reinforce the security of your website. That partner will also be able to support you with important related services like hosting, maintenance, and ongoing optimisation.
Cost and TCO
Your CMS also needs to deliver good value for money and a low total cost of ownership (TCO).
To understand your long-term TCO, you’ll need to take into account things like license fees, hosting costs, maintenance, bespoke development with your agency, and more.
Contentful’s Initial Costs and Ongoing Investment
Contentful has basic and premium pricing plans for businesses, although you can use the platform for free to see if it’s a good fit first.
The basic plan starts at around £250 per month and supports up to twenty users, so it’s only suitable for small businesses. The premium plan is priced based on the resources you’ll use, such as number of users, API requests, and storage. You can usually expect this to start at around £450 per month.
However, as mentioned earlier, most businesses will require a lot of support from an agency to get the platform set up in both the back-end and front-end. You’ll likely need ongoing work from an agency to ensure you can use the platform to its full potential as well, which won’t come cheap.
All these things tend to add up to a high TCO over time, making Contentful less cost-efficient than some of the other CMSs around today.
WordPress’s Low TCO
WordPress is one of those solutions that is far more cost-efficient than Contentful, with a much more reasonable TCO.
Its software is open-source and the platform free to use. This means your initial costs are limited to just hosting, agency fees, and any other support you may need once your site is live. Plugins and extensions of the platform are licensed and paid for separately.
As WordPress is such an intuitive and easy-to-use platform, it’s also affordable to run it and manage it, even if you do use an agency to handle that for you. This includes any bespoke development or customisation requirements you may have, which experienced agencies can often deliver with a very fast time-to-market as well.
Which Platform is Right for You?
Both these CMSs will enable you to build sophisticated, high-performance websites that will support your business goals and allow you to gain an edge over your competition.
As you’ve seen throughout this comparison article, they each have their strengths and weaknesses, as do all the other CMSs available today. That means you need to base your decision on which one is the best fit for your specific business.
For example, a headless CMS, whether that’s Contentful or WordPress, may be too complex in many cases. But if you’re looking to execute a holistic multi-channel marketing strategy, it might be the right choice for you.
In the early stages of your evaluation process, it’s crucial to carefully consider your own unique requirements, objectives, budget, resources, agency relationships, and various other factors.
In order to make the right decision between two CMSs, you need to understand which one will be more suitable to deliver on your needs and expectations, both in the immediate term and for years to come.
Still not convinced? Discover five key benefits of WordPress’s industry-leading scalability in our related article here.
Would you like these insights straight to your mailbox?
Digital Business
9 February, 2023
10 Tips to Improve WordPress Security and Minimise Risks
Cyber security and data protection should be top priorities for your business right now. Of course, this is particularly important for large businesses, and those in strictly regulated industries like financial services, where the outcome of a cyber attack or data breach can be catastrophic.
As these security concerns continue to intensify, you must be increasingly careful and vigilant about the technology solutions you use. You should also take more proactive steps to ensure everything in your tech stack is built and managed in a way that minimises your risks.
When it comes to WordPress, there’s a common misconception that the platform isn’t secure enough for large businesses. This misunderstanding tends to come from the fact that it’s free-to-use, so it was originally more popular among smaller independent businesses and B2C blogs.
Today, however, WordPress is the world’s most popular content management system (CMS), and for good reason. Considering a significant percentage of that user base includes global enterprises, you’d think such popularity would be enough proof that it’s a secure platform.
On the contrary, large businesses still ask us on a regular basis, “Is WordPress secure enough for us?”
Is WordPress Secure?
The answer to that question is, yes, WordPress is a secure, stable platform, even in its “out-of-the-box” state. WordPress’s core code is thoroughly tested and quality-checked by a team of security experts continuously. Not only that, but the same team regularly releases security updates and reinforces any potential weaknesses before they can be capitalised on by cyber criminals.
In fact, the speed at which security updates are implemented in WordPress is arguably the fastest in the world today when compared with other CMSs.
Additionally, WordPress is open-source software, meaning all its code is available to the public. Users are constantly suggesting changes and updates, often to fix bugs in the code and minimise opportunities for cyber criminals. This keeps the platform safe and secure for everyone else.
But while WordPress does have the ongoing support of some of the most talented and devoted developers in the world, it’s not immune to security vulnerabilities. No software is, unfortunately.
That’s why it’s important to be aware of, and work with, some fundamental best practices for security. Listed below are some steps you can take to further strengthen the security of the WordPress CMS.
Best Practices to Strengthen WordPress Security
1 – Secure Hosting
The hosting service you choose for your platform will determine how secure and well protected your data will be.
It goes without saying that WordPress should be hosted in a secure environment, overseen by an experienced provider who prioritises security within their services.
Some things you should consider essential for a hosting provider include:
Before choosing your hosting provider, do plenty of research to ensure they’re able to provide these measures. Most businesses will work with a development agency partner for WordPress, and that agency should be able to help you with this process.
2 – Back-Up and Disaster Recovery
Following on from the previous point, any good hosting provider should also offer back-up and disaster recovery services. These are like safety nets that will allow you to protect, save, and recover all your data in the event of any losses.
3 – Be Careful with Plugins
Plugins are a great way to enhance the WordPress platform with new capabilities and features. But you should only ever use plugins from reputable, credible sources, otherwise you could experience security problems.
It’s also important to keep all your plugins regularly tested, maintained, and updated. Again, this is an area where a WordPress agency partner will help you.
4 – Always Keep Your Platform Updated
When you’ve built a website with WordPress, you’ll often receive software updates from the platform. Any time this happens, it’s because a bug has been fixed or some improvements have been made to the software.
Keeping up with these updates is so important from a security perspective, because they’re designed to keep your site secure. By letting your site run on an outdated version of the platform, you leave yourself at risk of a known issue being exploited by a cyber criminal or some malware.
This is another thing that a good agency partner should take care of for you, so you don’t need to worry about keeping your platform up-to-date.
5 – Never Auto-Update Your Plugins
You have the option to enable auto-updates within your WordPress platform. While this may seem like an easy way to keep your CMS up-to-date, doing so can create technical issues and security risks that simply aren’t worth the convenience.
Each plugin you use will have its own button for you to turn auto-updates on or off. Any good agency will advise you to turn those auto-updates off and instead opt for a more secure approach to your updates, to maintain the resilience of your platform.
6 – Use Security-Specific Plugins
Another way to reinforce the security of WordPress is by implementing security-specific plugins like WordFence, Sucuri, or Defender Pro.
These handy tools will do a lot of the hard work for you, monitoring your platform and spotting potential vulnerabilities so you can fix them before they’re allowed to have any negative impact.
7 – Enable SSL
A secure sockets layer (SSL) is a protocol which encrypts the transfer of data between your website and your users’ browsers. Enabling SSL makes it more difficult for cyber criminals to steal or compromise data online. Don’t worry, though, as this will be taken care of by your hosting provider as a standard practice.
8 – Avoid Tools that Open Direct Access to Your Site Database from the Dashboard
Some tools and plugins will enable direct access to your site’s database from within your CMS dashboard. While this can make certain aspects of website management easier for you, it also creates security vulnerabilities. This is something you should always avoid, because these additions are often severe security risks.
9 – Encourage Your Users to be Mindful of Security
The biggest security risks, and many opportunities for cyber criminals, come from unsafe user behaviour, poor platform maintenance, and badly built sites.
Your behaviour, and the behaviour of your end-users – and your agency – should always be mindful of security. If it’s not, sooner or later you’ll encounter problems. Some security best practices you can introduce include making strong passwords compulsory for all users and implementing measures like two-factor authentication.
10 – Find a Trustworthy Agency Partner to Support You
We understand that following all these steps sounds like a lot of work. Of course, when you’ve got your own job to focus on, the last thing you need is to be spending time struggling through complex website security processes.
That’s why it’s so valuable to find a reliable, trustworthy agency partner when using WordPress to build and manage websites. A good agency will ensure everything is secure and up-to-date for you, so you can spend more time providing outstanding services and experiences to your customers.
It’s always worth taking time to find an experienced agency with a strong track record of building robust, secure sites, to give you the peace of mind you deserve. That means they should handle your secure architecture, testing, monitoring, updates, and ongoing support for you as part of their services.
Being Truly Secure is an Ongoing Process
When you’re selecting a content management system (CMS) to build critical digital assets like your website, security must be a top priority. It’s for that very reason more and more large businesses are looking to WordPress as their platform of choice.
However, it’s equally important to choose an agency you can trust, and one that has these security best practices incorporated into their approach. This doesn’t just stop at the delivery of your website, either. True security is a constant ongoing process, and your agency partner should help you through that.
Following the tips listed here will give you everything you need to build a resilient, secure website on WordPress, suitable for the enterprise.
Interested in learning more about WordPress? Discover how a global enterprise achieved game-changing results by using WordPress to build a secure, innovative, bespoke solution. Check out the story of RedeWire from Rede Partners LLP here.
Would you like these insights straight to your mailbox?
Development
9 November, 2023
Regulation of digital markets: Comparing UK and EU approaches
Digital markets have experienced significant growth and dominance by a few companies and their platforms, raising concerns about competition, consumer choice, and data access. To address these issues, both the European Union (EU) and the United Kingdom (UK) have introduced regulatory reforms.
The EU has implemented the Digital Markets Act (DMA) and the Digital Services Act (DSA), while the UK has proposed the Digital Markets, Competition, and Consumer Bill (DMCCB) and the Online Safety Bill.
We’ll look at the regulatory approaches taken by the EU and UK, highlighting similarities and differences in scope, applicability, the importance of consent and how to get started with compliance.
Data privacy regulations in the European Union
The Digital Markets Act applies to companies designated as “gatekeepers” by the European Commission. Gatekeepers are the owners and providers of what the Commission identified as core platform services (CPS), such as search engines, social networking services, video-sharing platforms, and cloud computing services.
Companies designated as gatekeepers must carry out self-assessments to determine that they have met and continue to meet both quantitative and qualitative criteria. The list of gatekeepers may grow or change over time based on these criteria.
The quantitative criteria include a minimum annual turnover of €7.5 billion in the EU and at least 45 million active monthly users on the relevant platform or service in the last three financial years. Qualitative criteria consider the impact, importance, and market position of the CPS provider.
The DMA’s requirements are similar in many respects to those of the EU’s General Data Protection Regulation (GDPR), but are broader in some ways, addressing additional access to and uses of end users’ personal data.
Data privacy regulations in the United Kingdom
The Data Protection Act 2018 (“DPA”) covers the general processing of personal data in the UK and came into force on 25 May 2018, just before the EU GDPR took effect.
Following the end of the Brexit Transition Period, the EU GDPR became part of UK law through the European Union Withdrawal Agreement, and the Data Protection, Privacy and Electronic Communications Regulations 2019 (Exit Regulations).
The EU GDPR gave rise to the UK GDPR, which came into force on January 1, 2021, as the EU GDPR no longer protected UK citizens’ data. It includes the provisions of the EU GDPR with only minimal changes to the core principles, rights and obligations for data protection.
The UK GDPR and the DPA 2018 (amended version) are now the principal data protection regulations in the UK. They require businesses to protect individuals’ data, obtain consent to collect and use it, and protect data subjects’ rights.
The Privacy and Electronic Communications Regulations (PECR) implemented the EU’s ePrivacy Directive (Directive 2002/58/EC) and sets out privacy rights relating to electronic communications. The PECR came into force in 2003 and .
The “British DMA”: Enter the Digital Markets, Competition, and Consumer Bill (DMCCB)
In the U.K., Parliament has yet to pass the British equivalent of the DMA, the Digital Markets, Competition, and Consumer Bill, or the DSA equivalent, the Online Safety Bill.
The DMCCB applies to digital commercial operations in the UK or affecting the UK market, which are deemed to have Strategic Market Status (SMS). The definition of a digital activity is broad and includes any service provided via the internet.
To qualify as an SMS, a firm must meet criteria such as conducting a digital activity linked to the UK, having substantial market power, and holding a position of strategic significance. Turnover thresholds of £25 billion global turnover and/or £1 billion UK turnover are also considered.
Obligations and requirements
European Union: Digital Markets Act
The DMA imposes various behavioral obligations on gatekeepers. These include allowing third-party interoperability, granting access to user-generated data, promoting fair competition, and prohibiting preferential treatment of the gatekeeper’s services.
Gatekeepers must appoint compliance officers and submit annual compliance reports to the Commission.
Additionally, gatekeepers are required to inform the Commission about mergers (any “intended concentration” irrespective of whether they’re notifiable under the EU Merger Regulation or national merger rules. (DMA Art. 14.).
United Kingdom: Digital Markets, Competition and Consumer Bill
Strategic Market Status (SMS) firms in the UK will be subject to strict behavioral obligations under the DMCCB. These obligations revolve around fair trading, open choices, trust, and transparency.
The specific requirements will be tailored by the Digital Markets Unit (DMU) and the Office of Communications (Ofcom), the regulatory bodies overseeing the DMCCB and the Online Safety Bill, respectively.
SMS firms must also report proposed acquisitions meeting certain thresholds to the DMU.
EU vs. UK processes
European Union: (Digital Markets Act)
The EU’s legislative-driven model designates gatekeepers based on size and imposes behavioral expectations through regulation. The European Commission develops and enforces these requirements for compliance from gatekeepers.
United Kingdom: Digital Markets, Competition and Consumer Bill (DMCCB)
The UK’s approach involves more regulatory discretion. The DMU and Ofcom determine if a company has Strategic Market Status and tailor specific remedies accordingly. This approach allows for a more flexible and tailored oversight of digital platforms.
Participatory regulation
In the UK, both the DMU and Ofcom adopt a participatory regulation approach. This means regulators work closely with target companies to develop behavioral expectations and codes that can be enforced. The companies conduct their own Duty of Care analysis, which is reviewed by regulators that provide guidance and work collaboratively to define behavioral codes.
This means that beyond what’s defined by the two regulations, gatekeepers and SMS are required to determine their own privacy requirements to apply to third-party businesses using their services.
The importance of consent management for EU, EEA and UK companies
While both the European Union’s Digital Markets Act (DMA) and the United Kingdom’s Digital Markets, Competition and Consumers Bill (DMCCB) emphasize the significance of obtaining user consent for data processing activities, there may be variations in specific requirements and implementation.
To address these differences and get ready for data privacy compliance, follow these steps:
1. Understand the regulations
Familiarize yourself with the specific consent requirements outlined in both the DMA and DMCCB. Identify any variations in terms of lawful bases for processing, explicit consent, and additional obligations.
2. Assess your website or online platform’s data processing
Assess your organization’s data processing practices and identify any areas of noncompliance. Scan your website and check its degree of GDPR compliance.
3. Implement a leading European consent solution
Choose a consent management platform that enables GDPR and ePrivacy-compliant user consent collection and signaling for DMA compliance. Ensure that the CMP provides features such as granular consent options, secure recordkeeping, and user-friendly interfaces.
The specifics of CMP implementation do depend on what platforms you’re using, like your CMS, as well as other tools, including Google Tag Manager and other services. Cookiebot CMP is flexible, has direct integrations with leading website platforms, and can be installed with just a few lines of JavaScript. There’s also a cookie WordPress plugin.
4. Customize consent banners
Tailor the consent banners displayed on your website or online platform to meet the specific requirements of each regulation. Provide clear information about data processing activities, purpose specification, and the ability to manage preferences.
5. Update your privacy policy
Review and update your privacy policy to align with the requirements of the DMA and/or DMCCB. Include details about the types of data collected, the purposes of processing, parties with access to the data, and how user consent is obtained and managed.
6. Train your team
Educate your staff about the nuances of both regulations and the proper implementation of consent management. Ensure they understand their roles and responsibilities in obtaining and managing user consent.
Final thoughts
The UK and EU regulatory initiatives are creating de facto global digital risk management standards, by taking significant steps to regulate digital markets and addressing concerns related to market dominance, competition, consumer choice, and data access.
While the EU has implemented the DMA and DSA, the UK is in the process of enacting the DMCCB and the Online Safety Bill. The approaches differ in some aspects, but there’s a shared goal of promoting fair competition and protecting consumer interests.