Security & GDPR
GDPR and data: a practical guide for leadership
What the GDPR requires when exploiting data, what responsibility falls on leadership and how to work with sensitive data without losing control or compliance.
Read articleKey takeaways
- The Data Act regulates access to and sharing of data from connected products and services.
- It seeks a fairer data market and favours portability.
- It opens opportunities for new data-based services.
- It is complementary to the GDPR.
- It rewards companies with ordered, governed data.
The European data economy is getting an increasingly complete regulatory framework. Alongside the GDPR, which protects personal data, the Data Act addresses a different question: who can access and use the data that connected products and services generate.
What it is
The Data Act is a European regulation governing fair access to data and its reuse, with special attention to data generated by connected devices (IoT) and digital services.
What changes
- User access: whoever uses a connected product can access the data it generates.
- Portability: easier to switch data-processing providers.
- Fairer sharing: balances SMEs versus large platforms.
- Interoperability: promotes standards for sharing data.
Before
Data lockedin maker
Data Act
User accessPortability
Result
Fairerdata market
Opportunities for companies
Beyond compliance, the Data Act opens opportunities. Access to data once locked in devices or platforms enables new services — predictive maintenance, usage analytics, data-based business models — and reduces dependence on a single provider through portability.
What it implies for your architecture
Leveraging the Data Act requires integrating, governing and sharing data securely with access control. Companies with an ordered data layer and governed APIs are better positioned to access new data, meet portability obligations and turn it into value.
The Data Act frees data companies generate but could not use, opening new service opportunities.
In summary
The Data Act governs access to and reuse of data from connected products and services, favouring portability and a fairer market — complementary to the GDPR. It opens opportunities for new services, and rewards companies with an ordered, governed data layer and APIs.
Sources & further reading
Frequently asked questions
Does the Data Act replace the GDPR?
No. They are complementary: the GDPR protects personal data and the Data Act regulates access to and reuse of data, especially from connected products and services.
Who benefits?
It seeks a fairer sharing of data value, reinforcing users and SMEs versus those who control large data volumes.
How do I prepare to leverage it?
With an ordered data layer, governed APIs and the ability to integrate and share data securely and portably.
What data does it mainly regulate?
Data generated by connected devices (IoT) and digital services, which used to stay locked with the product maker or service provider.
What opportunities does it open?
Access to previously locked data enables new services — predictive maintenance, usage analytics — and reduces single-provider dependence via portability.
What changes for the user of a connected product?
They can access the data that product generates and, thanks to portability, switch data-processing providers more easily.
Turn this data into results
Tell us what you want to achieve. Data Layer connects, processes and delivers the result up and running, with no infrastructure for you to manage.