Pricing Blog Contact
reading time
4 min

Why GDPR compliance is an ongoing process

Privacy has become part of the daily digital work. New campaigns, landing pages, analytics tools, embedded content, newsletters, and yes, video platforms all raise the same question:

Are we actually handling this correctly?

That sounds like an easy question, but in practice it rarely is. Not because organizations are careless, but because privacy legislation such as the GDPR is built around principles rather than exact technical instructions. The law explains what organizations are responsible for, without a clear explanation of how a website or platform is expected to behave in every scenario. The GDPR requires organizations to clearly explain how and why personal data is processed, but translating those principles into concrete technical implementations is often less straightforward.

As a result, many teams operate in a grey area between legal interpretation, technical implementation, and practical usability.

A cookie scanner may tell you one thing. A legal advisor may interpret it differently. A vendor claims their platform is “fully GDPR compliant,” while another recommends a consent banner for almost every interaction. Even regulators like the Dutch Data Protection Authority, often leave room for interpretation because modern technology evolves faster than legislation can.

Why GDPR scanners are not enough

There are now many tools that promise to scan websites for GDPR risks. Some of them are genuinely useful. They can identify cookies, external requests, tracking scripts, or missing policy pages. That visibility can already be valuable. At the same time, these tools cannot determine the full context behind a website’s behavior.

They cannot decide whether a certain data transfer is necessary. They cannot assess whether consent is freely given or whether a third-party service aligns with an organization’s own interpretation of proportionality and risk. Most importantly, they cannot decide what level of privacy responsibility an organization wants to carry.

This matters because privacy is increasingly becoming an organizational and strategic issue.

A communication team embedding a video on a campaign page is usually not trying to track people. They are trying to tell a story clearly. Yet behind a simple embed, there may still be requests to external domains, third-party cookies, analytics collection, or infrastructure hosted outside Europe.

In many organizations, these decisions are made incrementally over time. A tool is added for convenience, a script for analytics, a platform for video hosting, another integration for marketing automation. Individually, each decision feels relatively small. Together, they shape the privacy footprint of the entire website.

Hidden privacy risks of third-party dependencies

Most websites today rely on a network of external services that provide functionality, performance, analytics, personalization, advertising, hosting, or media delivery. It allows teams to move quickly and add sophisticated functionality without building everything themselves.

That can include analytics scripts, font libraries, tag managers, video embeds, CDN resources, or third-party APIs that quietly become part of the website’s infrastructure.

At the same time, every dependency introduces another relationship that must be understood and managed. Data may flow through multiple vendors before a page fully loads. Some organizations never discover this at all, or only realize it after a compliance review or legal discussion around consent requirements.

This is one reason privacy conversations can become difficult internally. Marketing teams focus on usability and reach. Legal teams focus on risk and accountability. Developers focus on implementation and performance. All three perspectives are valid, but they do not always lead to the same decisions.

We see that many organizations are looking for clarity and reasonable control.

They want to understand:

  • which services are active on their website,
  • what those services collect,
  • where data is processed.

Or simply, are we compliant and aligned with our own organizational standards?

Embedded video and the growing privacy discussion

Video is a good example of how privacy and infrastructure increasingly overlap.

For years, embedded video was the way to go. A team uploaded a video to a major platform, copied the embed code, and placed it on a page. The technical infrastructure behind that process remained largely invisible. It was free, and easy to implement. What more could you want?

Luckily, organizations are looking at those decisions more critically because many traditional video platforms were built around advertising, tracking, and large-scale data collection. The questions that became important where:

  • Can visitors watch a video without being profiled?
  • Does a video player place tracking cookies before consent?
  • Where is viewing data processed?
  • Which external requests are triggered when a page loads?

These are questions no longer confined to legal or IT departments, and that shift is reshaping how organizations think about digital infrastructure more broadly. Rather than adding more tooling to manage privacy complexity, organizations are simplifying their setups to better understand what happens on their websites. Because simpler systems are generally easier to explain, maintain, and govern.

Privacy compliance requires ongoing decisions

One of the reasons privacy work can feel frustrating is that there is rarely a definitive endpoint. Compliance is not something a website permanently “achieves” after a single audit or software installation. Websites evolve continuously. New tools are added. Campaigns change. Teams experiment with new platforms. Vendors update their infrastructure. Regulations develop over time.

Privacy therefore becomes more about maintaining awareness and making deliberate choices. Something we are seeing more and more across organizations. For communication teams, that often starts with a relatively simple shift in perspective. Instead of asking only whether a tool is technically allowed, organizations increasingly ask whether a tool fits the kind of digital environment they want to create.

That often starts with understanding what actually happens when a page loads: which services are contacted, what data is shared, and whether those choices still align with the organization’s own standards.

Published on May 18, 2026
works with
Developer?
Our docs guide you through the process of embedding video, starting with simple steps for novices and advancing to manual configurations for experienced users. It outlines multiple hosting alternatives, including a default CDN, and highlights compatibility with popular web frameworks.
Documentation
script
react
vue
1
2
3
4
5
mave logo
© 2026 mave.io B.V.
Terms of Service

Privacy Policy
End-user license agreement
DNV ISO/IEC 27001 information security management system certification logo WCAG self-assessment badge
Hosted in Europe
product
pricing examples metrics
docs
api reference status
about
contact blog
social
github linkedin
compare
mave vs Vimeo mave vs Wistia mave vs YouTube
🍪 Press 'Accept' to confirm that you accept we don't use cookies. Yes, this banner is just for show!
Accept