The DSA and DMA aren’t the first pieces of impactful legislation the industry faces. Just a few years ago the GDPR, which was put in into effect on May 25, 2018, took a lot of time, energy, and effort to implement. And still, it often isn’t complied with correctly, with high fines for example for Facebook as a result. The implications of the DSA and DMA might have the same impact on your risk landscape. With standards that are unclear. More work? Yes! But it also provides a great opportunity to take advantage of the changing risk landscape.
Jeroen Bolt & Philip Axt
What legislation is going to hit you?
To successfully deal with these new regulations, the first thing you need to do is to establish your position under the guidelines of the new regulations. It will depend on your role, size and impact in the EU. Once your new obligations have been established, you will need to assess your current business against your new obligations. Where and how will this hit you? Part of this process is to find experts within and outside your organisation who understand the DSA and DMA thoroughly since it's the only way to do this right. The next step is to design and implement sufficient mitigating actions. How are you going to implement new ways of working? Is there a roadmap? Do you fully understand the consequences of what happens if you don’t comply? Let’s just be clear: risk assessments and adequate measures to minimise risks are obligatory for big platforms. Finally, as both you and the regulator understands the impact of new regulation, your new processes and controls will need to be maintained by regular reviews and updates where relevant.
Change your corporate culture
One important key to success is how these new rules are rooted in your organisation. Part of why big companies in this business are successful, is because their employees get the opportunity to be creative, play, explore, and learn what works well and what does not. Sure, there have been rules for a long time now. But also, there have been as many creative ways to deal with – or work around – these rules. Things are different this time. Transparency is one of the major features of these pieces of legislation. One EU commissioner called it ‘turning the page on “too big to care” platforms’. So start thinking about your company culture now and take measures to make everyone know what’s going on and feel the importance of compliance.
This is about society
Also, what’s different than before are the risks we’re talking about. Companies tend to focus on business risks. The DSA and DMA are more about other sorts of risk. It’s all about the platform users. About potential violations on people’s rights. It’s about control. In other words, companies need a change of perspective on what sort of risks we are talking about. This is about the rules of society. Which provides an opportunity. Because, if you as a company really understand what these risks are, you also know what topics are important to your end users. After all you might already know what they want, but now you need to know what they really value.
