DSGVO vs. the Data Act: The new data dilemma
13.7.2026.
More data usage or data protection? Find out why companies need to balance these two requirements in this blog.

More data usage or data protection? Find out why companies need to balance these two requirements in this blog.

With the Data Act, the EU is pursuing a clear objective: to facilitate better use and easier sharing of data. At the same time, the General Data Protection Regulation (GDPR) remains in force, the purpose of which is to protect personal data. This presents a new challenge for businesses: whilst the GDPR restricts the handling of data, the Data Act promotes its availability and use.

 

Different objectives

The GDPR protects individuals’ privacy. Organisations must ensure that personal data is only processed lawfully. The Data Act, on the other hand, takes an economic approach. Users of connected devices and digital services should be able to access the data they generate more easily and share it with other providers.

 

In a nutshell:

  • GDPR: Protecting personal data
  • Data Act: Promoting access to and use of data

 

The dilemma facing businesses

In practice, it is often not possible to draw a clear distinction between personal data and technical data. A modern vehicle, a production machine or an IoT device constantly generates data. Some of this data is purely technical, whilst other data may allow conclusions to be drawn about individuals. Companies therefore face a difficult challenge: on the one hand, they must make data accessible in accordance with the Data Act; on the other hand, they must not breach the provisions of the GDPR in doing so.

The crucial question is therefore no longer simply: ‘Are we allowed to use data?’, but also: ‘What data are we allowed to pass on, and under what conditions?’.

 

What businesses should do now

The Data Act does not replace the GDPR; both sets of regulations must be considered together. Businesses should therefore assess:
 

  • What data is generated by their products or services?
  • Which of these is personal data?
  • How can data be made available securely?
  • Are existing processes and contracts adequate?

 

Conclusion

The Data Act creates new opportunities for innovation, competition and digital business models. At the same time, the protection of personal data remains as important as ever. For businesses, this means: More data usage – yes, but only with a clear understanding of the data protection requirements. By considering both sets of regulations together, businesses can lay the foundations for a legally compliant and future-proof data strategy.

 

Do you have any further questions about the GDPR, the Data Act or your data strategy? The Teconia team will be happy to assist you with practical advice and clearly understandable answers.

Share post: