The European Data Act Regulation
The EU “Data Act” regulation came into force on 11 January 2024 and will apply from 12 September 2025. This regulation governs the access and use of data. It goes beyond the GDPR in that it also covers non-personal data generated when using connected products and services.
The Data Act is particularly relevant for manufacturers of IoT and IIoT (Industrial Internet of Things) devices and providers of connected services. These products and services aim to offer users greater convenience, such as smart home applications or smart charging for electric cars, and to increase efficiency in industry through the collection and optimisation of measurement data. The regulation is aimed at data controllers, public authorities and the users of these connected products and services, regardless of where the company is based.
Although the Data Act does not replace the GDPR, but supplements it, both regulations must also be observed when processing personal data. Violations of the obligations under the Data Act can lead to significant fines of up to 20 million euros, or 4 per cent of annual global turnover.
Do you have questions?
Objectives of the Data Act
The Data Act creates a legal framework that regulates access to and use of data in order to promote innovation while protecting the rights of individuals and companies.
Data sovereignty
Transparency
Innovation
Fairness
More control over personal and company data
Clear rules for data usage
New business models and better services for all
Equal opportunities for small businesses and consumers
Time schedule
How can msg Plaut assist you?
Elevaluate concern
We start with a review of the individual product and service units to determine whether or not they are affected by the Data Act.
Gap-Analysis
On this basis, we analyze the impact in detail and determine whether the Data Act criteria have been fully, partially or not fulfilled.
Heat-Map-Analysis
Based on the gap analysis, we create a heat map that provides a comprehensive overview of the affected products and services and shows where action is needed.
Based on these findings, we develop a strategy to successfully fulfill the requirements of the Data Act. This process ensures that all relevant requirements are taken into account and implemented to ensure compliance with the Data Act.
Blog: The Cybersecuity Compass
Ayhan Mehmed and Natalia Petrova-Korudzhiyski are constantly presenting new and trending
cybersecurity topics in their blog. You can find all episodes here:
