Rune Rasmussen | 24/06/2021
SMEs and their data compliance headaches
Building websites has never been easier. With the advent of code-free, what you see is what you get (WYSIWYG) website builders, it’s dead simple to create a nice-looking layout and go live in a matter of just a few hours (or minutes, even).
However, while website creation is a walk in the park, the process of making sure your website is compliant with data privacy regulations has never been more complex. This is due to the sheer volume of frameworks you have to comply with.
We’re talking legal compliance (data privacy, cookies, consent, etc.), accessibility compliance, performance compliance (load speed, responsiveness, etc.), and more. If you fail to be compliant, you could face hefty fines or be penalized in search engine rankings by Google’s algorithms.
On the other hand, it’s often extremely difficult to understand what you need to do in order to actually become compliant. If your website serves EU visitors, you know that your website needs to comply with the GDPR, but how on earth do you make that happen?
While larger companies may have the money to hire people or agencies to help them be compliant, it’s a luxury that small businesses can’t afford. They’re either on their own if they go the do-it-yourself (DIY) route or rely on a partner for help if their website came to life through a do-it-for-me (DIFM) model.
But even DIFM-based companies are struggling with compliance, especially when we talk about data privacy and GDPR.
The numbers only confirm all of this. A study conducted by the European Union in 2019 - one year after the GDPR came into effect - showed that around half of all SMEs were still not GDPR compliant. A 2020 study from the Data & Marketing Association found that only 10% of SMEs in the UK were fully compliant with the GDPR.
There’s a lot more similar data out there, but you can also do your own little research experiment. Make a list of 10 SMEs that you buy products or services from on a regular basis. Go to their websites and check for the following:
I bet most of the websites on your list fail on at least one of those parameters.
At Mono Solutions, all employees use our own website builder to create websites for friends and family members. It’s not only in order to make someone happy by providing them with a good-looking and high-performing website but also for us to learn more about how our end users, the SMEs, think.
Every time I build a website for someone I know, I play a little game. It’s not really a nice game but it helps me learn a lot about compliance and awareness. It goes like this: I don’t ever proactively bring up the topic of data privacy compliance with them at any time during the website creation process. I want to see if they think about it first.
So far, I have never once during the process of building a website had a person come to me and ask about GDPR, cookies, privacy policies, or anything like that. On a few occasions, someone brought it up a while after their website went live.
It usually goes down like this:
“My uncle is a lawyer and he saw my new website. He asked me something about cookies and GDPR. What is that? Does that apply to a small business like mine? Does my website need something for this?”
In the vast majority of cases though, the people I’ve built websites for never spend as much as one second thinking about data privacy.
It’s important to remember that the GDPR and other data privacy frameworks are not here to just annoy business owners, although it may feel like it sometimes. They’re here to ensure proper and respectful handling of personal data. That’s something worth striving for, regardless of whether you’re a multinational business or an SME.
The big question is: how do we make it easier and cheaper for SMEs to become and remain compliant? We have to take decision-making out of the equation and automate as much as possible. Business owners do not want to make decisions about legal matters that they have limited knowledge about. They just want it to work from the get-go.
Some significant steps towards this kind of automation are already taking place thanks to the emergence of consent management platforms like Cookiebot. They make it simple for businesses to set up a compliant consent solution with out-of-the-box cookie banners, cookie descriptions, and a cookie declaration in many different languages.
Hopefully, this trend will continue and evolve with new, simple solutions hitting the market and helping the majority of SMEs reach compliance.
Rune Rasmussen is a Product Manager responsible for the Mono Editor and Mono Websites, the latter revolving around published websites in terms of load performance, security, accessibility, and SEO. He’s worked in software for over a decade across a host of different industries such as medicine, banking, eCommerce, and eLearning.