How businesses can keep up with new data regulations of the EU

The European Union's data regulations have garnered significant attention recently, driven by the advent of the General Data Protection Regulation and the Schrems II rulings. These regulations have brought about a sea change in data privacy, prompting the need for companies to adopt appropriate measures to safeguard personal data.

However, while the regulations aim to establish a market for data and facilitate data exchange between companies, this goal has yet to be achieved. Consequently, the regulatory landscape is expected to evolve further, potentially introducing further measures to uplift the data capabilities of European companies, regulate activities around AI, and establish a market for data.

This regulatory activity presents both challenges and opportunities for organizations. On the one hand, it adds further requirements and obligations to data-enabled businesses, necessitating appropriate measures to comply with regulations. On the other hand, it creates an opportunity for competitive advantages for those companies that best navigate the regulatory landscape and derisk their data transformations.

The EU's digital strategy is expected to evolve, necessitating organizations to remain aligned with the regulatory process. As such, companies should adopt a proactive approach to compliance, assess their risks, and implement appropriate measures to mitigate them. By doing so, they can effectively navigate the regulatory landscape and capitalize on the opportunities that arise from the EU's digital strategy.

The EU digital strategy

The EU digital strategy encompasses several key acts designed to promote fair and safe practices in the digital sector while enhancing trust and facilitating data sharing. These acts include the Data Governance Act, the Digital Markets Act, the Digital Services Act, the Data Act, and the AI Act.

The Data Governance Act establishes a novel approach to managing data, creating an environment conducive to sharing data and enhancing trust in the process.

The Digital Markets Act creates fair and contestable markets for innovation, growth, and competitiveness in the digital sector.

The Digital Services Act aims to create a safer digital space where the rights of all users of digital services are protected.

The Data Act regulates access to data in B2B, B2C, and B2G relationships while covering data switching between cloud providers.

The AI Act is designed to enact stringent regulations of high-risk AI systems and prohibits certain practices, ensuring that AI operates within ethical and legal boundaries.

While these acts are currently in draft status and subject to potential changes, the trend is clear: stricter regulatory guardrails for data and AI are becoming increasingly necessary. According to current plans, these acts will only become effective during or after Spring 2023, with the end of the alignment process on the horizon. As such, organizations must remain aligned with the regulatory process and implement appropriate measures to comply with the evolving regulatory landscape.

New possibilities arising from the EU Digital Strategy

While the EU's new data strategy introduces requirements that may impose administrative and compliance burdens, it also opens up new possibilities that organizations should not overlook.

Firstly, the possibility of data sharing and portability creates new opportunities for companies to attract customers to a new platform and ensure that the services they expect can be provided without any natural advantage gained from the inability to transfer end-user data. This can be particularly useful in cases where users are reluctant to switch platforms due to losing access to their previous order history, personal data, and other information.

Secondly, the possibility of reducing the market power of gatekeeper platforms enables organizations to move their existing infrastructure to a large cloud provider without being locked in or faced with the risk of services being canceled at any point. This can significantly reduce the risks of switching providers and give organizations greater flexibility and freedom to operate.

Thirdly, protecting end-user rights associated with AI creates new market opportunities for identifying possible algorithms that are not forbidden or high-risk. This can create new possibilities, even in areas where companies traditionally rely on legacy algorithms, as they explore new approaches and algorithms that comply with regulatory requirements.

These possibilities offer a range of new opportunities for organizations to generate additional business from the EU digital strategy. By adopting a proactive approach, companies can capitalize on regulatory changes and create new sources of value, benefitting themselves and their customers.

How to benefit from the new regulatory regime

The new regulatory regime brings several benefits, particularly regarding data sharing and portability and reducing the power of gatekeeper platforms. These benefits are particularly significant in social media platforms, insurance contracts, and other services.

For instance, in the banking sector, the manual or cumbersome transfer of customer information has created a strong lock-in effect, making it difficult for customers to switch providers. However, with the new requirement to easily transfer information, this lock-in effect can be weakened, reducing customer burden and enabling new business propositions to emerge.

Moreover, reducing incumbents' power will increase competition in the digital platform space. Platforms may now be required to allow competitors to exchange data with them, which should create a more level playing field and encourage greater competition. This will likely be particularly relevant in social media platforms, search engines, and cloud-based infrastructure provision.

These benefits allow businesses to enter existing markets, improve their offerings, and gain a competitive advantage. By embracing regulatory changes and adopting a proactive approach, businesses can benefit from the new possibilities and improve customer relationships.

The challenges posed by the new regulatory landscape

The new EU regulatory landscape presents challenges for businesses, particularly regarding the use of AI in decision-making and customer rating. Companies such as credit bureaus, insurers, and banks must be prepared to address increased user rights and potential changes to their core business processes.

Three keys to navigating the EU Digital Strategy

Companies must take three key steps to navigate the EU digital strategy successfully. First, they must assess the impact of the new regulations on their business and identify areas where changes may be required. This includes thoroughly evaluating the four key acts related to data governance, digital services, AI, and data.

Second, companies should investigate the potential opportunities the new regulatory landscape presents. This includes the possibility of accessing new markets by sharing end-user data.

Finally, as the EU digital strategy evolves, companies must be prepared to collaborate with governing bodies to interpret the regulations. This is particularly important in the case of AI, where many companies may struggle to comply with the new guidance.

Companies can mitigate the new regulations' impact by revisiting their data collection and AI processes. They should identify which use cases require personal data and prioritize consent and safeguards accordingly. By taking these actions and shaping their decision-making process to incorporate the consequences of certain actions, companies can successfully navigate the new regulatory landscape and emerge in a better position once the final rules are published.