🔎 Data Act: What CIOs really need to know

The Data Act (EU 2023/2854) fundamentally redefines data governance in Europe, particularly data from connected objects, industrial systems and associated services.

👉 For a CIO, the impacts are very concrete:

• Data access by design

IoT solutions must allow direct, secure and free access to the generated data, in usable formats. No more "default" technical barriers.

• Extended portability and sharing

Companies will be able to request the transfer of their data (personal and non-personal) to a third party or another service provider, without any loss of quality. This goes well beyond the GDPR's data portability requirements.

• Contracts under surveillance

Clauses restricting access to or reuse of data become illegal. A ban on unfair terms will apply to all contracts, including existing ones, by 2027.

• Removal of obstacles to cloud migration

From January 2027, migration to another cloud provider must be possible without excessive costs or technical obstacles.

• GDPR unchanged, but essential

The Data Act does not replace the GDPR: legal bases, roles (controller/processor), security and the rights of individuals remain mandatory for personal data.

📅 Important to remember regarding scheduling

– Main application: September 2025

– Cloud switching effective: January 2027

🎯 Key message for CIOs

The Data Act is not just "another" piece of legislation. It mandates a review of contracts, a more open data architecture, and increased vigilance regarding supplier dependencies.

Data governance is becoming a strategic issue, not just a legal one.

#DataAct #CIO #DataGovernance #IoT #Cloud #GDPR #Interoperability

https://www.cnil.fr/fr/reglement-donnees-data-act-nouveau-cadre-europeen-pour-partage-utilisation-donnees