EU Data Act operational impacts: Balancing risks and opportunities

The EU Data Act marks a radical transformation in Europe's digital and data landscape and requires careful consideration from organizations as they navigate the requirements and obligations. In order to balance the risks and opportunities, organizations must strategically review how they use data, in terms of how data is accessed, shared, protected and monetized.

The act is broad in scope, applying across the board from manufacturers of connected products to cloud providers, software firms and data-processing services. The scope extends to the vast world of machine-generated data and industrial data, such as that collected and analyzed by connected devices and sensors or analytics processes and platforms.

Industrial data generated across Europe is not yet being fully leveraged, leaving considerable room for innovation and economic value creation. Unlocking even a portion of it could potentially add enormous value to the EU economy, where data is seen as a major engine for innovation and growth.

The act has extraterritorial reach, meaning that it applies to any provider offering data processing services to customers within the EU, or offering products on the EU market, irrespective of where the provider itself is based. In practice this means non-EU companies in scope will also need to comply.

Balancing compliance, fairness and risk

As organizations consider their position, and process their obligations under the Data Act, they may find that it is pertinent to consider how they can use this change to leverage new opportunities and reduce risk, rather than viewing this as just another compliance exercise. 

The act applies across all sectors as a horizontal regulation. It mainly covers nonpersonal data but there will be potential overlap with personal data in cases where device generated information relates to individuals. In those instances, the GDPR still applies.