Data Economy
Data is one of the essential resources of the digital economy. The amount of data available worldwide has been increasing rapidly for years. The data economy has enormous potential for value creation. At the same time, the flood of ever new legal requirements for handling data poses major challenges for all players. We navigate our clients unerringly and with a sense of proportion through the regulatory jungle.
Legal challenges in dealing with data have long since ceased to arise solely from data protection law. Together with the still essential regulations on the protection of personal data, a number of other European legal acts now form more far-reaching data legislation that also regulates the handling of non-personal data. In addition to legal acts that are essentially focussed on data, European and national provisions of IT security law, antitrust law, product liability and product safety law as well as distribution law are also important for the handling of data. Violations of legal requirements are often accompanied by official investigations and increasingly by civil law claims in the context of private enforcement. With our expertise in all relevant areas of law, we cover the entire spectrum of data compliance in a joint team of experts.
Our services
Data compliance
A series of directly applicable regulations together with numerous other legal acts form the highly complex new European data law. Following the General Data Protection Regulation (GDPR) in 2016 and the Data Governance Act (DGA) in 2022, the European legislator has set two further milestones for the regulation of data and artificial intelligence in the European Union in 2024 with the Data Act (DA) and the Artificial Intelligence Act (AIA). Regulatory requirements for artificial intelligence and the access to, exchange and use of both personal and non-personal data are in an area of tension with the already established data protection requirements. Other European legal acts already in the legislative process will further tighten the regulatory framework for data and AI in the future.
When it comes to data security, regulatory requirements under IT security law must also be observed. The handling of data is also subject to the strict requirements of antitrust law. The legal acts of European data law do not constitute a general safe harbour for antitrust violations, such as the prohibited exchange of competitively sensitive information. The provisions of product liability law, which is now also extended to digital products, software and production files, and product safety law, for example when data influences the safe use of a product, continue to apply. When commercialising data, distribution law must also be kept in mind along the entire value chain.
Regulatory compliance is one of the core components of data compliance, regardless of an organisation's industry or size. Data compliance essentially comprises all applicable rules that companies must adhere to when processing (personal and non-personal) data, including legal regulations, contractual conditions, certifications, codes of conduct, industry standards, binding corporate rules and internal guidelines.
Data compliance by design
The extensive data law requirements not only form the regulatory framework for business processes and the design and use of applications and systems within an organisation. Compliance with data law requirements in the sense of "data compliance by design" will also play a decisive role in the sustainable success of most digital business models.
Data compliance governance
Robust and efficient data compliance governance is essential in order to effectively manage the multitude of data compliance requirements in practice. This includes effective organisational structures and practicable processes for implementing data compliance requirements with clearly defined roles and responsibilities.
Data compliance management systems (DCMS) complement and expand the perspective of already established data protection management systems (DPMS). Together, these systems aim to systematically plan, implement, continuously monitor and improve measures to comply with legal requirements for both personal and non-personal data as well as for artificial intelligence.
Official enforcement and private enforcement
The regulation of data and, in particular, data protection law is flanked by extensive enforcement and dispute resolution mechanisms at European and national level as well as private enforcement. The new European legal acts provide the competent authorities with a set of sensitive sanctions modelled on the GDPR. One focus will therefore be on the implementation of official proceedings and legal action against such decisions before national and European courts. In addition, there is private enforcement of rights, which is also playing an increasingly important role due to new collective action proceedings throughout Europe and can represent a considerable economic risk for companies. In this respect, we advise in integrated teams with a complete view of all conceivable possibilities and risks and develop an overall strategy for your company on how to best deal with the risks of public and private enforcement. Of course, in the event of a case, we also support you in the implementation of the jointly agreed strategy with our broad experience – in the defence of collective actions and in the efficient management of mass proceedings – in the defence of your rights before authorities and courts.
Well
informed
Subscribe to our newsletter now to stay up to date on the latest developments.
Subscribe now