
Marcel van Rijn
CTO Nixon Digital
8 May 2025, 8 min
The compliance wake-up call; why 2025 is different
Introduction
2025 is shaping up to be the year of stricter privacy and compliance regulations around the world. That could have a profound effect on businesses everywhere, as non-compliance can lead to high fines, damage to your company's reputation, and ultimately, customers walking away.
To find out what’s happening and what these changes might mean for your business, we spoke with Marcel van Rijn, Co-Founder and CTO of our sister company Nixon Digital. The Nixon Platform helps companies to stay in control of their website portfolio. The platform makes it easy to gain full insights, optimize performance, and ensure privacy and compliance.
Interview
Q: There's a lot of talk about privacy and compliance lately. What are the latest developments?
In recent weeks, several authorities, including the Dutch AP, the UK's ICO, and regulators in the US and Norway, have announced that they are stepping up their efforts. They are planning structured audits and are sending out large numbers of warning letters.
Alongside that, we are seeing larger fines being handed out for violations, particularly around the misuse of personal data. Authorities are not just checking cookies anymore, either. They are scanning for trackers, third-party domains, and data being shared before users have even given proper consent. The moment data is shared without permission, it is already out of your control. That shift in focus makes it even more important to stay on top of your compliance.
Q: How does this impact organizations that aren't fully compliant yet?
It definitely raises the stakes. In the past, some companies knowingly took the risk. They accepted fines as a cost of doing business because the profit from personal data was so high. But times have changed. Consumers are much more aware today. They understand that their data is being shared with all kinds of third parties without their consent, and they do not like it.
That change in public attitude brings real reputational risks. It is not just about fines anymore. If your company is caught mishandling data, it damages your reputation and erodes trust.
Last year, for example, Kruidvat's parent company (AS Watson) was fined €600,000. In the grand scheme of things, it was a relatively minor technical issue, but the consequences were major.
Compliance is tricky because it is not always about bad actors. Teams are trying to do the right thing, but with complex platforms and marketing stacks, something small can slip through. And when it does, it raises questions internally too. Employees ask, 'Why are we even sharing this data with those parties?' It touches every part of the organization.
Q: How can companies stay up to speed with all the changes?
The most important thing is to realize that compliance is not a one-time project. It is an ongoing responsibility, like cleaning your house. It is hygiene.
Regulations change all the time. Every month, there are new interpretations, updates, or guidelines. You need people in your organization who are dedicated to monitoring those changes and making sure your platforms stay compliant over time. It has to be built into the way you work, not just treated as a one-off task.
In practice, what we often see is that we deliver a fully compliant setup, but a few months after go-live, the company makes updates to their websites or apps, and compliance breaks again. That is why aftercare and continuous monitoring are so important.

There is also a strong need for automation. B2C companies, especially in fast-moving consumer goods, stand to benefit the most. These companies frequently manage numerous brands across various countries, each with multiple websites and landing pages. When you add it all up, it can easily reach tens of thousands of pages—impossible to monitor manually.
Manual checks are not scalable, especially for large websites or multiple brands. They are expensive, they are slow, and they are vulnerable to human error. That is why we built a platform to automate scanning and alerting. It helps companies stay compliant without constantly draining their IT teams.
Q: If you’re starting from scratch, how difficult is it to become compliant?
Technically, it's not THAT difficult. Most companies think compliance is a huge project, but honestly, it usually takes weeks, not months.
The bigger challenge is organizational. Often, it is not clear who owns privacy compliance internally. Is it Legal, Marketing, IT, or Data? Figuring that out upfront saves a lot of time later.
Sometimes a compliance project drags on for months, not because of technical problems but because internal decisions take too long. From our side, we can move quickly, often within a week, but alignment inside the company is what slows things down.
That is why we focus so much on clear planning. We guide companies step-by-step through the process so that there are no surprises. And for companies that first just want a quick look at where they stand now, we launched Nixon Lite, a free tool that lets you scan up to five website pages. In most cases, you’ll have results in less than two minutes.
Q: You mentioned that laws are evolving fast. How are your compliance platforms adapting?
Our platforms are evolving just as fast, sometimes even faster. It is not just about cookie banners anymore. We are seeing a major shift to server-side tracking, where data is collected in ways that are much less visible.
That opens new opportunities for marketing and data teams because server-side tracking can be more flexible and privacy-friendly if done right. But it also makes compliance checks more complex.
We are also working on improving transparency tools. For example, most cookie banners today show users a list of trackers, but that list is often incomplete. Worse, even if a user clicks 'no' to marketing cookies, some scripts still fire in the background.
That needs to change. We are building technology to make sure what users choose is actually respected in practice, not just in theory.
And to help companies further, we have become an official OneTrust-certified partner. We have developed additional tooling that plugs into OneTrust and guarantees even better compliance out of the box.
As privacy compliance becomes more critical, staying up to date with regulations can be challenging. But if done right, setting up compliance for your company can be a matter of weeks instead of months.
Curious about the current compliance status of your website? Nixon Lite simplifies this with a free, easy-to-use tool for a quick compliance check. It’s an easy starting point for anyone looking to get a better sense of their compliance situation.
Try Nixon Lite at https://www.nixondigital.io/lite/.
