The EU Data Act (Data Act) entered into full effect earlier this year, but case law is yet to emerge to provide authoritative interpretation on some of its key provisions. Absent any case law on point, the chief compliance officer, chief digital officer and legal departments of companies falling within the scope of the act are at pains to devise workable compliance strategies.
The primary pain points for compliance with the Data Act include significant legal uncertainty, contractual review burden, substantial technical and operational changes, as well as potential business model disruption. In practice, this means that organisations should already have assessed which products and services fall within scope, identified the relevant data and data flows, reviewed their contractual landscape and considered the operational impact of the new access, sharing and switching obligations.
This client alert tries to assuage some of these pain points by providing an overview of the act, its key practical compliance challenges and a correlation table between each of the provisions of the act and its recitals, the unofficial guidance provided by the European Commission in its FAQs document and other overlapping statutory instruments.
