On September 24, 2023 the EU introduced the Data Governance Act (DGA), aiming to craft a safe and reliable area for sharing and reusing data across the EU. This has far-reaching consequences for many organizations, and we’ll explore a few of these in our attempt to summarize the DGA below.
The idea underpinning this interesting new legislation is that creating a framework which makes it easier to share data will allow organizations to become more efficient and develop new services more effectively as well, and even new technology. Big data is increasingly the lifeblood of understanding people’s needs, from healthcare to consumer electronics. The DGA aims to provide rules and obligations in place to make sure there’s more accessible, legal data for this purpose.
While you might already be familiar with the GDPR, which focuses on personal data protection, the DGA takes a wider stance. It encompasses both personal and non-personal data. It provides transparency to organizations who want to share, and access shared data, but aren’t necessarily familiar with how they’d go about doing this legally.
- GDPR: Primarily safeguards our personal data. Before a company touches personal information, they need a green light. Crucially, the individual in question has a say in how this is used.
- DGA: The DGA is not just about protecting data but also about sharing it responsibly. Think of organizations having to open their data vaults for positive uses – be it public projects or scientific research. Data-sharing services and organizations centered on “data altruism” also come under its radar. They, too, must get a nod from data providers before passing data onwards.
In essence, while GDPR ensures personal stories aren’t mishandled, DGA ensures Europe’s collective data story is productive. There’s a helpful European Commission explainer video concerning the intent behind the DGA here.
What does it mean for businesses like mine?
Data is now a valuable resource, the DGA is a guide on how businesses can share this. But what does this mean for your business?
What you’re expected to share isn’t one-size-fits-all. It depends on your sector and the data you gather.
The EU website has an excellent series of FAQs, explanatory videos and an overview of the legislation itself. On a basic level though, ask yourself the question: “Is the data we gather in the public interest?”
Some examples of the type of data you might consider sharing are:
- Public Data: Demographics, regional activity, or economic metrics.
- Public-Interest Data: Insights into climate change, environmental safeguards, or community health.
- Derived Public Data: Evaluations on how a public service fares or the impact of certain policies.
Why share at all?
- Legal penalties: Some data types, like public sector insights, need to be on the sharing table. If not, you might face some penalties.
- Quid pro quo: Sharing can be a two-way street. By giving some, you might gain insights that refine your products or streamline decisions.
- For the greater good: Beyond profits, data can be your goodwill gesture. It could bolster research or help communities thrive. From a sustainability perspective, it’s a good look for your organization to be sharing insights on environmental performance.
Some examples of businesses that could be sharing under DGA guidelines:
- A retailer, by sharing shopping trends, might give market analysts a way to predict the next big wave.
- A factory could trade notes on energy use, paving ways for eco-friendlier production lines.
- Health institutions, by sharing patient data, could be help lead to revolutionary treatments.
- A transport operator will be expected to share data on public transport usage, to facilitate better infrastructure investment.
Is the DGA applicable in the U.K.?
Not yet. The U.K. Parliament is currently debating a Data Reform Bill that includes many of the same basic principles and provisions of the DGA however, so even if you’re only doing business in the U.K. presently, it’s worth brushing up on what the DGA requires of those on the continent.
Crown Records Management have been handling data in Europe since the days of the 1995 Data Protection legislation. We’re always here to offer guidance and provide services about storing, managing, and securely destroying the data your organization generates. Get in touch today.