Guidance on Implementing the Data Act: Your Next Steps
Read here how to meet the new legal requirements in a targeted manner.
1. Analysis & Audit
The Data Act applies to product data from connected products as well as related service data from related services. Companies should therefore first assess whether such data are generated in their business model and whether they fall under the requirements of the Data Act. Key questions include: Which products and services are affected? Which data are generated? Which contracts are in place? Who qualifies as data holder, user or data recipient? Which obligations apply?
2. Concept & Risk Management
The central actors under the regulation are data holders and users. Depending on the context, companies must clearly determine whether they act as a data holder or as a user, and which obligations they bear in that role. Only once the company’s position in the value chain is clearly defined can the legal requirements of the Data Act be implemented effectively. In addition, processes for data access and data sharing must be defined. Technical and organisational measures must be established (format, security, timelines), and a risk analysis should be carried out with regard to misuse, data protection and intellectual property rights.
3. Implementation & Integration
The Data Act obliges data holders to enable users to access product data and related service data generated by connected products and related services. This includes, in particular, the obligation to provide the data in a commonly used, structured and machine-readable format. At this stage, companies must ensure both data access and data sharing in line with the regulation.
4. Monitoring & Optimisation
Companies should continuously monitor developments in legal frameworks, standardisation processes and sector-specific guidelines. It is equally important to assess how their own role (e.g. as data holder or user) impacts concrete business models. Continuous monitoring helps to identify new contractual or organisational obligations at an early stage and to ensure lasting compliance with the requirements of the Data Act.