As the digital landscape continues to evolve, startups and small to medium-sized enterprises (SMEs) face unique challenges in establishing and maintaining their data privacy practices and competing with larger companies in digital markets.
The introduction of the Digital Markets Act (DMA) by the European Commission brought both opportunities and hurdles for these businesses as it aims to promote fair competition while enhancing data privacy and protection.
We’ll explore what you need to know to comply with the DMA, including the benefits and challenges that the Act presents for startups and SMEs. Understanding these factors will help you to better navigate the new regulatory landscape.
Digital Markets Act (DMA) benefits for startups and SMEs
The DMA aims to foster fairness and competition by improving SME access to markets, audiences, and data, and increasing opportunities for innovation for companies in the EU or accessing EU markets.
This is while simultaneously providing more extensive data protection and greater transparency for customers. Here are the top benefits that the DMA brings to startups and SMEs.
Enhanced market access
The DMA aims to help startups and SMEs have fairer and more equal access to digital markets. By targeting the six designated gatekeepers — large tech corporations like Meta and Google that have outsized reach and influence — the DMA promotes competition with a number of requirements to open up access to data and prevent preferential practices.
The goal is to prevent unfair practices that can hinder smaller players from reaching their target audiences and accessing the data they need to grow.
Increased innovation opportunities under the DMA
With the DMA in place, startups and SMEs can work toward a more innovative ecosystem. By deterring anti-competitive behaviors and enabling access to more resources, smaller entities can embrace a culture of innovation and knowledge exchange.
How the DMA requires safeguarding of user data
One of the DMA’s core objectives is to require additional protections for user data and privacy. While the regulation directly requires gatekeepers to comply — companies that have received extensive scrutiny by European data protection authorities — those companies have millions of customers, so to achieve and maintain compliance, their customers must meet privacy standards as well.
Data privacy requirements are expected to widely “trickle down.” Companies like Google are requiring their customers to implement data privacy measures and tools to enable compliantly obtaining user consent and signaling it to Google services, like those for advertising and analytics.
Beneficially, compliance with the DMA helps smaller businesses have access to the same consented data as large enterprises, enabling both privacy compliance and data-driven marketing operations.
Enhanced transparency with DMA requirements
The DMA introduces stricter transparency requirements for the designated gatekeepers, helping startups and SMEs gain clearer insights into how platforms are designed to work (e.g. algorithms), audience activities, and other valuable data that affects these third parties.
Access to data portability under the DMA
The DMA requires enablement of data portability. That is a potential boon to smaller companies on the competitive front, as it means customers have easier access to their data and can move it from one company to another.
This means consumers have better access to competitive pricing, innovative features, and more, and aren’t locked into one company’s products, services, or ecosystem. Large players can’t necessarily retain their customers anymore just because they aren’t able to leave without significant expense and disruption.
The DMA’s streamlined complaint mechanisms
The DMA requires establishment of transparent and efficient complaint mechanisms and dispute resolution so gatekeepers can’t restrict or prevent SMEs or end users from raising noncompliance issues with public authorities.
As SMEs tend to have limited resources, including legal ones, this is an important tool to help them operate and compete with companies that have much much more influence and reach.
Embrace transparency to build trust
Transparency is a core requirement of the Digital Markets Act, and is also the cornerstone of successful monetization strategies in business online. As a startup or SME you can leverage the DMA to enhance transparency and build trust with your customers. It can also be easier for smaller companies to provide comprehensive transparency about business practices and data use, as there are fewer “moving parts”.
Startups and SMEs also often have a less formal brand and messaging, which can make it easier and on-brand for notifications about data use, consent, and user rights to be clear, accessible, and easily understood.
By clearly communicating your data handling practices, privacy policies, and consent mechanisms, you demonstrate a commitment to respecting consumers and protecting user privacy. This can be critical in early phases when every new customer really counts.
These practices foster trust, which in turn leads to development of a more trusted brand to attract prospects, stronger customer loyalty, higher engagement over time, and increased monetization opportunities.
Creating transparency with the DMA law in practice
Per the requirements of the DMA (and related laws like the GDPR), in addition to clearly communicating about your data handling and consent management practices, there are other obvious areas where being transparent is a best practice.
- Clearly communicate pricing, tiers, and any supplemental fees associated with your services (including when there are changes, and how the transition from free trial to paid plan works)
- Provide transparent information about your business practices and policies (in addition to privacy)
- Publish customer reviews and testimonials to showcase social proof
- If relevant, provide multiple product or service tiers that customers can grow into, as they may not need a “premium” offering right away (your customers want to scale as much as you do)
- Offer a money-back guarantee or a free trial to reduce risk for potential customers, in addition to making migration as seamless as possible
How to be transparent about data use and build trust
For example: a startup offering a mobile app. By implementing clear and concise privacy notices, providing granular control over data sharing, and obtaining explicit consent for targeted advertising, the startup can establish itself as a trustworthy brand in the eyes of its users. And with clear plans and pricing and a super easy migration process from competitors services, it makes the startup a very attractive choice.
Leveraging the DMA to unlock your business potential
If you’re a startup or SME growing in digital markets in the EU, you can capitalize on the advantages of the DMA. Follow these straightforward steps to unlock your business potential.
- Get a free data privacy audit for your website.
- Understand where you stand on GDPR compliance — the regulatory framework with which the DMA aligns.
- Confirm the third-party requirements levied by all gatekeeper companies you do business with, e.g. for digital advertising or marketplaces.
- Map out changes to your data handling and privacy compliance operations to enable your organization to meet DMA (and gatekeepers’) requirements for the platforms and services you use.
If you haven’t implemented a consent management platform (CMP) already, it should be your number one priority. Adopting a consent solution for your website(s) and app(s) that enables you to meet gatekeepers’ DMA requirements for their customers will help ensure your continued use of the gatekeepers’ core platform services.
Using these solutions, you can obtain and signal explicit user consent to collect, process, and share any personal data obtained via these platforms.
Harness the potential of data-driven insights
Data is the lifeblood of the digital economy, and as startups or small businesses you may have access to valuable streams of user data. The Digital Markets Act emphasizes the importance of data access and portability, helping to level the playing field for smaller players.
By obtaining high quality consented data, you can leverage data analytics and insights to make more informed decisions to optimize your monetization strategies. Understanding user behavior, preferences, and trends enables you to tailor your offerings, improve customer experiences, and drive higher conversions.
Increasing customer visibility with data analytics
- Collect and analyze customer data (with required consent) to understand their needs, preferences, and behaviors
- Use data to personalize and optimize your offerings, pricing, and marketing strategies
- Analyze data to identify trends and gaps — opportunities for new revenue streams or areas for business growth
- Consider offering data analytics or insights as a separate service to generate additional revenue
How to use data to increase sales
An example: a fashion ecommerce startup can analyze customer browsing patterns and frequency, as well as purchase history (including both information about the items purchased, and payment information), to offer personalized recommendations and targeted promotions. More broadly, they can identify key demographics, how they shop online, and what they’re interested in seeing or buying.
By leveraging data-driven insights, the startup can increase cross-selling opportunities, boost customer satisfaction, potentially build relevant partnerships, and ultimately drive revenue growth.
Stay agile and innovate
Startups and SMEs must remain agile and embrace innovation to stay ahead of the competition, even more so than well-known or established brands (which are also competition). Fortunately, smaller companies are often more agile than bigger ones, which, having gained success and market dominance, may focus less on innovation and getting ahead of changing trends.
The Digital Markets Act encourages innovation by promoting interoperability and helping to ensure fair access to essential digital platforms and services. By continuously exploring emerging technologies, experimenting with new business models, delivering excellent and creative customer experiences, and adapting to or getting out ahead of market trends, startups can seize monetization opportunities that others might overlook. Never ignore the opportunities of first-mover advantage.
Continuous innovation in practice
There are a number of ways that startups and SMEs can stay agile and gain first-mover advantage, even in markets with huge dominant players.
- Continuously monitor market trends and customer needs to identify new monetization opportunities, including outside the usual channels, which may not pick up on more niche or “left field” developments
- Experiment with different pricing models, such as freemium, tiered pricing, or subscription-based models
- Regularly update and improve your products or services based on customer feedback, but be sure to continue to be the driver of your own strategy
- Stay ahead of competitors by investing in research and development to introduce new features or offerings, also test early and often to find true potential
- Use requirements of laws like the DMA as marketing opportunities — make sure customers and prospects know about data portability when you tell their about your great new services and pricing
How to explore technology to seize monetization opportunities under the DMA
An example: a software-as-a-service (SaaS) startup offers project management tools. By integrating with popular collaboration platforms and leveraging emerging technologies, like artificial intelligence, the startup can enhance its offerings, attract new customers, and position itself as a leader in its market segment. They can also advertise how easy they make it to migrate from major competitive platforms.
Potential DMA challenges for small businesses and startups
Navigating the privacy requirements of the DMA as they apply to third-party customers of the gatekeepers can be daunting for startups and small businesses.
Smaller companies need to focus on growth and their core business and have limited resources technically, legally, and otherwise. At the same time, the financial and reputational risks of privacy noncompliance cannot be ignored.
Staying ahead of compliance regulations
The DMA contains complex requirements that will be updated as technologies, the legal landscape, and ecommerce evolve.
Keeping up with its provisions — like ensuring your website is compliant with the DMA — demands ongoing monitoring and the means to adapt your processes, policies, and technologies quickly. This can be particularly challenging for startups and SMEs.
Compliance costs
There may be added costs to achieving and maintaining privacy compliance, like implementing a consent management platform. Consulting with qualified legal counsel and/or a privacy expert is also strongly recommended if your company doesn’t have these resources in-house.
These actions do have a cost, but compared to privacy noncompliance fines or losing access to platforms and ad revenue, for example, could be far more costly. Retaining full access to gatekeepers’ products and services, along with additional data and audience access, can help your company grow faster, as can building trust with your customers and prospects by clearly demonstrating respect for data privacy. The DMA also presents some opportunities for monetization.
Ensuring data protection and data privacy
Data protection, privacy, and user consent management are central to the DMA’s requirements, for gatekeepers’ customers all the way through the ecosystem to the end user. Your startup or SME will need to adjust its operations if it hasn’t yet to ensure it has robust data protection and secure user consent processes in place to comply with the Act.
While the DMA applies in the EU, Google, for example, has already expanded requirements for compliance, so companies doing business with UK and Swiss residents will also need to meet privacy standards.
It’s a best practice to implement strong data privacy operations globally, as the likelihood is strong that your company will need to operate to these standards globally before long.
This may involve data operations auditing, implementing advanced security protocols, updating policies, training teams, and continuously monitoring data handling practices. A CMP can go a long way toward helping to meet these requirements and maintain high data privacy standards.
DMA compliance tips for startups
Meeting the requirements of the DMA and the gatekeepers can help your startup mitigate risks and build trust with its users. Here are some key strategies for getting — and staying — compliant:
- Get a high-level view of your compliance: Use a compliance checklist to gauge how compliant you are with the various data privacy regulation provisions. A number of DMA requirements overlap with other EU regulations, including the GDPR and ePrivacy Directive. If you’re already GDPR-compliant, you have likely already done much of the necessary work.
- Conduct a data privacy audit: Use a tool to audit your data privacy practices to identify potential compliance gaps and areas for improvement. Also check your operations to ensure data is only accessed when and by whom it’s needed, and that your security measures are adequate for the types and volume of data you process.
- Adopt a consent management platform: Use a reliable and scalable CMP to automate and streamline the process of obtaining and managing user consent. A solution like Usercentrics CMP also comes with Google Consent Mode v2 integrated, enabling you to compliantly signal user consent information to Google services to meet their requirements.
Meet Digital Markets Act (DMA) compliance with Usercentrics
The DMA aims to foster innovation and promote fair competition among online businesses while protecting users’ rights and personal data. However, it also introduces potentially complex requirements for startups and SMEs.
As a small business, you need to navigate the evolving digital landscape while ensuring robust customer data protection, all while managing the costs associated with DMA compliance and maintaining focus on your core business and growth.
By integrating a reliable CMP into your tech stack, you can streamline your compliance efforts, build customer trust, and gain a competitive advantage. You also safeguard your online revenues and potentially create new streams by taking advantage of DMA requirements like those for data portability and gatekeepers’ operational transparency.
Usercentrics CMP enables startups and SMEs to achieve DMA compliance with gatekeepers’ requirements by automating consent management processes, enabling transparent data practices, and safeguarding user privacy.
