European Data Law


Following the General Data Protection Regulation (GDPR) in 2016 and the Data Governance Act (DGA) in 2022, the European legislature has set a further regulatory milestone with the Data Act (DA) early 2024. The Artificial Intelligence Act (AIA) already approved by the European Parliament will soon further complement the regulation of data and artificial intelligence within the European Union.

All in all, a series of directly applicable regulations and numerous other legal acts form the highly complex new European data law. However, regulatory requirements for artificial intelligence and for accessing, exchanging and using both personal and non-personal data do not at times fit comfortably with existing data protection regulations. Other European legal acts that are currently in the legislative process will further consolidate the regulatory framework for data and AI in the future.

To assist our clients in navigating this ever evolving regulatory jungle, we provide a regularly updated interactive “Map” of European data law (bookmark:

Vorschaubild zur Insight AI Act vom 2.2.2024

The extensive data law requirements essentially establish the framework for designing business processes and utilizing digital applications and systems within a company. Adhering to the regulatory requirements of data law, encapsulated in the principle of “data compliance by design”, not infrequently plays a crucial role in the sustainable success of digital business models.

To effectively manage the multitude of new data regulatory compliance requirements in practice, a robust and efficient data compliance governance is essential. This involves establishing an effective organisational and operational structure for implementing data regulatory requirements, with clearly defined responsibilities and practicable processes. Data compliance management systems (DCMS) complement and expand upon the perspective of already established data protection management systems (DPMS). These systems together are designed to systematically plan, implement, continuously monitor and improve measures to comply with regulatory requirements for both personal and non-personal data and for artificial intelligence on a risk-based basis.

Drawing on our many years of experience as a market-leading firm in data law, we provide our clients with wide-ranging and balanced advice on the robust implementation of data regulatory requirements. We also assist in designing and implementing practicable data compliance governance.