Securiti Named a 2022 Cool Vendor in Data Security by GartnerDownload Now
As part of the European Digital Strategy, the European Commission proposed the Data Governance Act (DGA) which is now published in the Official Journal of the European Union. It will enter into effect on 23 June 2022 and apply in full form from 24 September 2023.
The DGA aims to create a secure environment for the processing and re-use of public sector data for purposes other than the ones for which the data was originally collected. It applies to both personal and non-personal data and imposes obligations on data sharing service providers (data intermediation services) and data altruism organizations. The DGA also ensures safer and wider re-use of protected public-sector data, this includes trade secrets, personal data and data protected by intellectual property rights.
Let’s look into a quick overview of the Data Governance Act, especially the data privacy obligations it has come up with and see how well it aligns with the existing EU privacy legal framework.
Key provisions of the DGA:
Data intermediation services providers can be established in the EU and can also be located outside the EU, in that case, they must designate a representative in the EU.
to access and re-use the data within the physical premises in which the secure processing environment is located in accordance with high security standards, provided that remote access cannot be allowed without jeopardizing the rights and interests of third parties
This indicates that any re-use of data must take place in compliance with any responsibilities arising from competition and intellectual property laws. The responsibilities imposed by the DGA are without any prejudice to the application of competition law or any sector-specific EU or member state law that requires public sector bodies, data intermediation services providers or recognised data altruism organizations to comply with specific additional technical, administrative or organizational requirements.
In light of the above, it appears that the DGA has added several layers to the regulation of data protection. It not just regulates personal data but also non-personal data. From a privacy standpoint, it aims to protect the digital fundamental rights and safeguards of data holders and data subjects as well as allow data intermediary service providers to ensure data subjects rights fulfillment in line with the provisions of the GDPR. It must be read together with the GDPR.
Securiti offers Data Intelligence and a whole host of automated solutions that will enable you to discover, analyze and protect large datasets. Our solutions are purposefully designed and fully automated for handling large volumes of data and ensuring compliance with applicable legal requirements.
Ask for a DEMO.