Rune Rasmussen  |  24/06/2021

SMEs and their data compliance headaches

Building websites has never been easier. With the advent of code-free, what you see is what you get (WYSIWYG) website builders, it’s dead simple to create a nice-looking layout and go live in a matter of just a few hours (or minutes, even).

However, while website creation is a walk in the park, the process of making sure your website is compliant with data privacy regulations has never been more complex. This is due to the sheer volume of frameworks you have to comply with.


We’re talking legal compliance (data privacy, cookies, consent, etc.), accessibility compliance, performance compliance (load speed, responsiveness, etc.), and more. If you fail to be compliant, you could face hefty fines or be penalized in search engine rankings by Google’s algorithms.


On the other hand, it’s often extremely difficult to understand what you need to do in order to actually become compliant. If your website serves EU visitors, you know that your website needs to comply with the GDPR, but how on earth do you make that happen?


SMEs struggle with data privacy compliance

While larger companies may have the money to hire people or agencies to help them be compliant, it’s a luxury that small businesses can’t afford. They’re either on their own if they go the DIY route or rely on a partner for help if their website came to life through a DIFM model.


But even DIFM-based companies are struggling with compliance, especially when we talk about data privacy and GDPR.


The numbers only confirm all of this. A study conducted by the European Union in 2019 - one year after the GDPR came into effect - showed that around half of all SMEs were still not GDPR compliant. A 2020 study from the Data & Marketing Association found that only 10% of SMEs in the UK were fully compliant with the GDPR.


There’s a lot more similar data out there but you can also do your own little research experiment. Make a list of 10 SMEs that you buy products or services from on a regular basis. Go to their websites and check for the following:

  • Do they have a cookie banner that categorizes cookies on their website and blocks them from loading until you have given appropriate consent?
  • Do they make it simple for you to revoke (take back) the consent you have given?
  • Do they provide a list of all the cookies set on their website along with descriptions of their purpose and when they expire?
  • Do they have an up-to-date privacy policy?

I bet most of the websites on your list fail on at least one of those parameters.


The obstacles? Knowledge and money

At Mono Solutions, all employees use our own website builder to create websites for friends and family members. It’s not only in order to make someone happy by providing them with a good-looking and high-performing website but also for us to learn more about how our end users, the SMEs, think.


Every time I build a website for someone I know, I play a little game. It’s not really a nice game but it helps me learn a lot about compliance and awareness. It goes like this: I don’t ever proactively bring up the topic of data privacy compliance with them at any time during the website creation process. I want to see if they think about it first.


So far, I have never once during the process of building a website had a person come to me and ask about GDPR, cookies, privacy policies, or anything like that. On a few occasions, someone brought it up a while after their website went live.


It usually goes down like this:


“My uncle is a lawyer and he saw my new website. He asked me something about cookies and GDPR. What is that? Does that apply to a small business like mine? Does my website need something for this?”


In the vast majority of cases though, the people I’ve built websites for never spend as much as one second thinking about data privacy.


The obstacles to compliance for SMEs are knowledge and money. Even if they know that they need to be compliant, they don’t know how. And once they decide to become compliant, they realize that it’s definitely not a cheap journey. They’ll need a consent management solution, a lawyer to read through their privacy policy, and more.


Making hard things easy 

It’s important to remember that the GDPR and other data privacy frameworks are not here to just annoy business owners, although it may feel like it sometimes. They’re here to ensure proper and respectful handling of personal data. That’s something worth striving for, regardless of whether you’re a multinational business or an SME.


Being compliant doesn’t only ensure that you don’t get fined; it also rubs off positively on your brand and credibility. If a visitor comes to your website and notices you have a compliant cookie banner and a privacy policy page, they know that you take privacy seriously. In the long run, that will end up boosting your conversion rate.


The big question is: how do we make it easier and cheaper for SMEs to become and remain compliant? We have to take decision-making out of the equation and automate as much as possible. Business owners do not want to make decisions about legal matters that they have limited knowledge about. They just want it to work from the get-go.


Some significant steps towards this kind of automation are already taking place thanks to the emergence of consent management platforms like Cookiebot. They make it simple for businesses to set up a compliant consent solution with out-of-the-box cookie banners, cookie descriptions, and a cookie declaration in many different languages.


Hopefully, this trend will continue and evolve with new, simple solutions hitting the market and helping the majority of SMEs reach compliance.



About the author

Rune Rasmussen is a Product Manager responsible for the Mono Editor and Mono Websites, the latter revolving around published websites in terms of load performance, security, accessibility, and SEO. He’s worked in software for over a decade across a host of different industries such as medicine, banking, eCommerce, and eLearning.


