EU’s Digital Markets Act (DMA)
Operationalize DMA compliance with the most comprehensive PrivacyOps platform
Last Updated on September 28, 2023
Privacy Center
Fully Functional In Minutes
Elegant Consumer Frontend, Fully Automated Backend, Privacy Regulation Intelligent Everywhere.
Email already in use
Looks like this email is already registered with an existing account.
Unexpected error occurred
Looks like there was an error completing your request, Please contact us here for further support.
Please do not close this window while we process your request
The EU Digital Markets Act (DMA) is part of the EU Digital Services Package that aims to create a safer online space along with the EU Digital Services Act (DSA). The DMA aims to ensure a contestable, fair, and competitive digital market and to ban unfair business practices by large online platforms.
The DMA regulates designated gatekeeper organizations that provide core platform services (CPS) in at least three member states of the EU. Core platform services that can fall under the scope of the DMA includes online intermediation services, online search engines, online social networking services, video-sharing platform services, number-independent interpersonal communications services, operating systems, web browsers, virtual assistants, cloud computing services, and online advertising services.
For an organization to come under the scope of the Act, it must meet one of the following thresholds:
- It has an annual EEA turnover equal to or above EUR 7.5 billion in the last three financial years, or the equivalent fair market value of the undertaking to which it belongs amounts to at least EUR 75 billion in the last financial years and provides a CPS in at least three member states.
- It has more than 45 million monthly active end users established or located in the EU and more than 10,000 yearly active business users established in the EU in the last financial year.
The DMA was published in the Official Journal of the European Union on 12 October 2022. It enters into force on 1 November 2022, and the notification process by which the European Commission designates companies as “gatekeepers” under the Act starts six months later, i.e., on 1 May 2023. Once an organization has received notification by the European Commission that it has been designated as a gatekeeper, it will have six months to comply with the requirements of the DMA at the latest by 6 March 2024.
All designated gatekeepers must comply with DMA's list of dos and don'ts. The DMA is one of the first measures to thoroughly restrict the power of the biggest internet businesses as gatekeepers.
Once put into effect, it will create a set of requirements for chosen gatekeepers and enforce penalties, including fines of up to 10% of the global turnover, in the event of non-compliance.
The Solution
Securiti enables organizations to comply with the EU’s Digital Markets Act (DMA) through AI-driven PI data discovery, DSR automation, documented accountability, enhanced visibility into data processing activities, and AI-driven process automation.
Securiti supports enterprises in their journey toward compliance with the EU’s Digital Markets Act (DMA) through automation, enhanced data visibility, and identity linking.
See how our comprehensive PrivacyOps platform helps you comply with various sections of the EU’s Digital Markets Act (DMA).
With its state-of-the-art artificial intelligence and machine-learning-based tools, Securiti is a market leader in providing data governance and compliance solutions.
Request a demo today to learn how Securiti can aid you and your organization's compliance efforts.
Map Data Flows
DMA Article 5(1)(a), DMA Recital 46
Securiti allows organizations to discover and protect large datasets via automated data mapping. Effective and automated data mapping helps match personal data with its correct owners in all structured and unstructured data systems. This ultimately allows gatekeeper organizations to ensure purpose limitation in relation to aggregated and non-aggregated data.
Monitor and Track Consent
DMA Article 5(2), DMA Recital 36, Recital 37, Recital 60
Securiti's Consent Management Platform enables organizations to obtain end-user's consent for data access, retrieval, and advertising purposes. It allows consent management as per the requirements of the GDPR and e-Privacy Directive. Moreover, accurate consent status is recorded to demonstrate compliance.
Privacy Notice Creation & Management
DMA Recital 72
Securiti's Privacy Notice Creation and Management Solution allows organizations to transparently inform their users about any access or use of their personal data. Gatekeeper organizations can describe the basis upon which profiling is performed, including whether personal data is relied on and the purposes for which the profile is prepared.
Implement Security Controls
DMA Recital 9, Recital 10
Securiti's Data Intelligence enables organizations to identify emerging risk areas and implement security controls. This ultimately enables gatekeeper organizations to facilitate access to data in real-time utilizing appropriate technical measures.
Key Obligations for Gatekeepers Under Digital Markets Act
- To refrain from combining personal data gained through the CPS with personal data from any other service of the gatekeeper or with personal data from third-party services.
- To refrain from automatically signing in end-users to other services of the gatekeeper in order to combine personal data unless the user has consented as per the requirements of the GDPR.
- To allow end-users effective data portability.
- To refrain from preventing business users to offer different terms (lower prices) through different channels.
- To allow end users to easily uninstall pre-installed apps or change default settings on operating systems.
- To allow end users to unsubscribe from core platform services of the gatekeeper as easily as they subscribe to them.
Quick Facts about Digital Markets Act
Gatekeeper organizations that are subject to the DMA include online intermediation services, search engines, social networking services, video-sharing platforms, advertising services, and cloud computing services.
The DMA aims to guarantee that the European Digital Markets are more competitive by allowing new competitors to enter the market and prohibiting big businesses from misusing their market dominance.
The largest digital platforms operating in the European Union that have strong economic positions and significant impact on the internal market are DMA’s focus.
The DMA complements the GDPR’s right to data portability in relation to the obligation of the CSP to ensure effective portability and continuous and real-time access to data provided or generated by end-users.
The DMA deals with both personal and non-personal data. Personal data must be protected as per the requirements of the GDPR.
A gatekeeper risks a fine of up to 10% of its annual global turnover if it violates the DMA. A fine of up to 20% of its global turnover may be applied for a repeat offense.
Those who are harmed by the conduct of non-complying gatekeepers have the right to direct action for damages (through collective actions) in national courts.
At Securiti, our mission is to enable enterprises to safely harness the incredible power of data and the cloud by controlling the complex security, privacy and compliance risks.
Copyright © 2023 Securiti · Sitemap · XML Sitemap
Newsletter
Resources
Get in touch
[email protected]
300 Santana Row Suite 450. San Jose,
CA 95128
