Skip to main content

On-demand webinar coming soon...

Blog

EU Data Governance Act approved by Council

The Act has been adopted by the Council of the European Union and awaits publication in the Official Journal before becoming applicable in late 2023

Robb Hiscock, Content Marketing Specialist, CIPP/E, CIPM
May 16, 2022

N/A

On May 16, 2022, the Council of the European Union approved the Data Governance Act (DGA) following approval from Members of the European Parliament (MEPs) in April. On November 30, 2021, the European Commission announced that negotiations had concluded and that a political agreement had been reached between the Commission,  European Parliament, and the Council of the European Union on the DGA. The proposal for the DGA was initially introduced on November 25, 2020, and had been under discussion for over 12 months. The DGA is the first legislative initiative adopted under the European strategy for data and aims to increase trust in data sharing and establish trusted data use for research and innovation, among other things.

Margrethe Vestager, Executive Vice-President, A Europe Fit for the Digital Age, said: “This Regulation is a first building block for establishing a solid and fair data-driven economy. It is about setting up the right conditions for trustful data sharing in line with our European values and fundamental rights. We are creating a safe environment in which data can be shared across sectors and Member States for the benefit of society and the economy.”

Watch the webinar: The Automated Data Map: Your Foundation for Privacy, Security, and Governance

What is the EU Data Governance Act?

The Council of the European Union has highlighted that the DGA will establish robust procedures to facilitate the reuse of certain protected public sector data, and foster data altruism across the EU.

One of the more significant elements of the proposed DGA is the Council’s aim to define a new business model for data intermediation services that would serve as trusted environments for organizations or individuals to share data. The Council highlights that data intermediation services will help:

  • support voluntary data sharing between companies
  • facilitate the fulfillment of data sharing obligations set by law
  • organizations share data without fear of it being misused or losing competitive advantage
  • individuals exercise their rights under the GDPR
  • enable individuals to gain control over their data and allow them to share it with trusted companies

The Council also explains that the control that individuals will gain over how they share their data will be managed via novel personal information management tools, such as personal data spaces or data wallets. These are apps that share such data based on the data subject’s consent. Data intermediation service providers will be prohibited from profiting from the data that they handle, however they will be able to charge a fee for their services. The DGA also provides for certifications to identify compliant providers of data intermediation services.

Additionally, the DGA would introduce safeguards against the unlawful transfer of non-personal data similar to how personal data transfers are regulated under the GDPR. As such, the European Commission would be able to adopt adequacy decisions for countries that have the appropriate safeguards in place to protect non-personal data to an EU standard. The Commission may also develop a set of contractual clauses for scenarios where non-personal data is transferred to a third country.

In order to assist the Commission in enhancing the interoperability of data intermediation services, the European Data Innovation Board will be created. The Board’s duties will also include issuing guidelines on the development of personal data spaces, among other things.

What does the EU Data Governance Act mean for organizations and next steps?

The introduction of safeguards for the transfer of non-personal data will pose an interesting challenge for organizations, many of which are still being affected by the fallout from the Schrems II decision. Adding an additional layer of regulated data will mean that organizations will need to identify this data, where this data lives, and how it is being used.

The provisional agreement reached by the European Parliament, the Council of the European Union, and the European Commission in November 2021 has now been approved by MEPs and by the Council and now awaits the signature of the President of the European Parliament and the President of the Council before being published in the Official Journal. The new requirements under the DGA will apply 15 months from the date of publication meaning an effective date of August or September 2023 is likely.

With the final stages of this legislative process concluding, the importance of organizations having a unified privacy and data governance program is now under the spotlight. And, as part of that program, having strong data discovery and mapping processes in place to be able to handle this broader scope of data.

Organizations can begin to strengthen their privacy and governance programs by finding and understanding their data, both personal and non-personal. OneTrust enables businesses to know their data holistically – what type of data they process, where the data is located, the business processes, the third parties involved, and the many-to-many relationships between them. OneTrust can automatically populate an ever-green data map to serve as a single source of truth to actively discover, classify, and map data in real-time. With this map, AI-powered regulatory intelligence can help to flag risks and potential regulatory violations and recommends workflows so businesses can establish trust with consumers, employees, and regulators.


You may also like

Infographic

Data Discovery & Classification

Data governance in manufacturing: Challenges and use cases

Learn the impact a data governance program has in manufacturing and how it enables greater efficiency across your supply chain

February 26, 2024

Learn more

Infographic

Data Discovery & Classification

What to look for in a data discovery solution

Make sure you choose the right data discovery solution for your organization with our comprehensive breakdown of key benefits and features to look for.

February 20, 2024

Learn more

Infographic

Data Discovery & Classification

Data governance in retail: Challenges and use cases

Learn how data governance can help manage the high volume and sensitivity of data that runs through your retail operations.

February 12, 2024

Learn more

Infographic

Data Discovery & Classification

Data governance in healthcare: Challenges and use cases

Learn how data governance can help your healthcare organization effectively manage its protected health information (PHI) and other sensitive data.

February 08, 2024

Learn more

Infographic

Data Discovery & Classification

Data governance in financial services: Challenges and use cases

Learn how data governance can help address common challenges in the financial services industry and protect your most critical information.

January 12, 2024

Learn more

Webinar

Data Discovery & Security

A guided tour of OneTrust Data Discovery magic

Our expert speaker will demonstrate how common real-world data challenges can be identified, addressed, and reported on, leading to better data governance, security, and alignment with business goals. 

October 26, 2023

Learn more

Webinar

Data Discovery & Security

Data minimization and risk assessment in data discovery

Explore the concept of data minimization and its crucial role in enhancing security, privacy, and reducing risk.

October 19, 2023

Learn more

Webinar

Data Discovery & Security

Data Discovery Dispelled: Unmasking the mysteries of data

Join us for a journey into the heart of data management as we explore the depths of data within organizations and shed light on how technology can enhance data security, privacy, and compliance.

October 12, 2023

Learn more

Webinar

Data Discovery & Security

Data Discovery Dispelled: Data's dark corners

Join the first part of our Data Discovery Dispelled webinar series where we will discuss the hidden sensitive information that could pose risks for your organization.

October 12, 2023

Learn more

Report

Data Discovery & Security

OneTrust named a strong performer in 2023 Forrester Data Governance Wave​

Download The Forrester WaveTM: Data Governance Solutions, Q3 2023 report to see why OneTrust was named a strong performer.

September 26, 2023

Learn more

Data Sheet

Data Discovery & Security

Data Discovery and Security

Explore our OneTrust Data Discovery and Security data sheet to learn how you can discover and control your data while enabling your teams.

September 18, 2023

Learn more

eBook

Data Discovery & Classification

Ultimate guide to building a data governance program

Download this eBook and learn practical methods in building a flexible data governance program that aligns with your business.

August 14, 2023

Learn more

Webinar

Data Discovery & Classification

Live demo: OneTrust Data Discovery

See how OneTrust Data Discovery can help your organization achieve complete data visibility to empower your security program and reduce risk.

June 23, 2023

Learn more

Webinar

Data Discovery & Classification

Data responsibility: The information security professional’s higher purpose

Join OneTrust and KPMG for a dialogue with Information Security leaders on managing the balance between risk and reward when handling sensitive customer information.

June 20, 2023

Learn more

Webinar

Data Discovery & Classification

OneTrust Data Discovery Day: A deep dive into automating data discovery and classification

Join us for a two-hour deep dive into data discovery and how OneTrust helps privacy, IT, and security teams understaind their data and achieve risk reduction goals.

June 13, 2023

Learn more

Infographic

Data Discovery & Classification

How OneTrust Data Discovery integrates with Microsoft 365

Explore three key integration capabilities of OneTrust Data Discovery and Microsoft 365.

June 13, 2023 3 min read

Learn more

Report

Privacy & Data Governance

Gartner® Innovation Insights: Data Security Posture Management (DSPM)

Read this report from Gartner® that highlights some of the key capabilities needed in a DSPM.

 

May 30, 2023

Learn more

Webinar

Trust Intelligence

How the Onetrust platform is innovating to unlock the value of trust

Join this webinar to learn how OneTrust is enhancing its privacy management, data governance, and consent and preferences solutions to help organizations tackle data sprawl and enable regulatory agility.

May 24, 2023

Learn more

Data Sheet

Data Discovery & Security

Employee onboarding and offboarding management

Download our onboarding and offboarding management data sheet and learn how OneTrust Certification Automation can help reduce your risk exposure and improve compliance.

May 17, 2023

Learn more

White Paper

AI Governance

Navigating responsible AI: A privacy professional's guide

Download our white paper and learn how privacy teams help organizations establish and implement polices that ensure AI applications are responsible and ethical. 

May 03, 2023

Learn more

Infographic

Data Discovery & Classification

The CISO challenge: Data. Threats. Regulations.

Unstructured data poses risks due to its open access and lack of governance, and CISOs need to implement measures to track, de-risk, and protect it.

March 03, 2023

Learn more

Webinar

Data Discovery & Security

Insights & analytics: Digging into the data to measure and accelerate trust programs webinar

See how OneTrust Insights and Analytics empowers privacy, marketing, data, and security teams with reporting functionality using solution-based dashboards.

August 02, 2022

Learn more

Webinar

Data Discovery & Security

Rethinking trusted data

Join us for a discussion on the latest trends in trusted data and how you can take critical steps to build trust in data practices

May 24, 2022

Learn more

Webinar

Data Discovery & Security

Optimizing data usage through integrated data privacy and governance

Join us for a discussion on driving better business use and outcomes from data while ensuring regulatory requirements are met.

May 24, 2022

Learn more

Webinar

Data Discovery & Security

Build your foundation through data discovery & mapping

In this webinar we cover how data discover and mapping helps you streamline compliance with US privacy laws such as the CPRA, the CDPA, and Colorado's Privacy Act.

March 24, 2022

Learn more

Webinar

Data Discovery & Security

UK DSAR Automation: How Data Discovery enhances your DSAR workflow

Learn how OneTrust Data Discovery enhances DSAR workflow and automates the DSAR lifecycle in this webinar.

March 18, 2022

Learn more

Webinar

Data Discovery & Security

Data Discovery South Africa: How to create value and demonstrate trust through your data?

Watch this webinar and discover how automated data discovery is helping clients in South Africa create value and demonstrate trust. 

March 10, 2022

Learn more

Webinar

Data Discovery & Security

Data Discovery Türkiye: How to create value and demonstrate trust through your data?

Watch this webinar and discover how automated data discovery is helping clients in Türkiye create value and demonstrate trust. 

March 09, 2022

Learn more

Webinar

Data Discovery & Security

Data Discovery Hungary: How to create value and demonstrate trust through your data? | Resources | OneTrust

Watch this webinar and discover how automated data discovery is helping clients in Hungary create value and demonstrate trust.

March 08, 2022

Learn more

Webinar

Data Discovery & Security

Data Discovery Romania: How to create value and demonstrate trust through your data?

Watch this webinar and discover how automated data discovery is helping clients in Romania create value and demonstrate trust. 

March 08, 2022

Learn more

Webinar

Data Discovery & Security

Data Discovery Israel: How to create value and demonstrate trust through your data?

Watch this webinar and discover how automated data discovery is helping clients in Israel create value and demonstrate trust. 

March 05, 2022

Learn more

Webinar

Data Discovery & Security

Privacy automation: bridging the gap between compliance & data governance to deliver trusted public services

Learn how you can take the first steps towards data intelligence and advance your privacy program to the next phase of automation and maturity.

January 18, 2022

Learn more

Webinar

Data Discovery & Security

Automating the classification and mapping of sensitive data​

In this free webinar, learn how to automate the classification and mapping of sensitive data and speed compliance.

January 10, 2022

Learn more

Webinar

Data Discovery & Security

3 keys to a unified data governance program

Learn how properly governed data leads to better data quality, increased data intelligence and more trusted data. 

August 27, 2021

Learn more

Infographic

Data Discovery & Security

The 4 pillars of data intelligence

Learn the Four Pillars of Data Intelligence and discover how to develop an effective data program.

August 02, 2021

Learn more

Webinar

Data Discovery & Security

Data intelligence: Using and improving your data

In the final webinar in the series, we explore the final step on the path towards data intelligence - using and improving your data.

July 19, 2021

Learn more