Navigating EU Data Act Compliance With Kiteworks
Empowering Organizations to Meet New Data Sharing Regulations
The Data Act, applicable September 12, 2025, establishes harmonized rules for data sharing in the EU and affects users and manufacturers of connected products, data holders and recipients, data processing service providers, and public sector bodies. Noncompliance can result in fines up to €20 million or 4% of global annual turnover, whichever is higher. The Data Act covers personal and non-personal data from connected products and related services. It applies to manufacturers, users, data holders, and recipients in the EU. The Act focuses on business-to-consumer and business-to-business data sharing. It requires connected products to be designed for easy data access by users and mandates that data holders make data available to users and third parties upon request. It also sets conditions for data holders making data available to recipients and establishes dispute resolution mechanisms and allows for technical protection measures against unauthorized data use. The Act aims to balance data access rights with protections for businesses, fostering a fair and competitive data economy while respecting existing data protection laws. Kiteworks supports compliance with the Data Act. Here’s how:
Solution Highlights
- Comprehensive audit logs
- Secure web forms
- Role-based access controls
- Enterprise Connect
- Double encryption
- User data management
Accessible and Verifiable Data
Laid out in chapter 2 are mandates that manufacturers design connected products and related services to allow easy, secure, and free access to data for users. Data holders must make readily available data accessible to users upon request, free of charge, in a structured format. Users have the right to share data with third parties, and personal data sharing must comply with GDPR requirements. The platform’s secure web forms enable organizations to obtain explicit user consent for data collection and use, aligning with the Act’s requirements for transparency. Kiteworks’ comprehensive audit logging system captures all user activities, including file access, uploads, and deletions, providing a detailed trail for accountability. The system allows users to easily access and delete their personal information, supporting the right to data portability and erasure. Role-based access controls and the principle of least privilege ensure that data is accessed only by authorized users, maintaining data security.
Protect Data With Access Controls and Robust Security
Encapsulated in chapter 3 of the Data Act are requirements for data holders to make data available to recipients under fair, reasonable, and nondiscriminatory terms. Data holders may implement technical protection measures against unauthorized access but must not hinder legitimate data use. The platform’s comprehensive audit logging system captures all user activities without throttling, providing a single, consolidated activity log that can be searched, filtered, and sorted, thus supporting transparency. Role-based access controls and the principle of least privilege ensure data is accessed only by authorized users, aligning with the Act’s requirements for fair data access. The Enterprise Connect feature allows secure access to external repositories while respecting their access controls, facilitating data sharing across different systems. Additionally, Kiteworks’ hardened virtual appliance architecture, with its multilayered security approach and strong double encryption, helps protect data during sharing processes, supporting the Act’s emphasis on data security and protection against unauthorized access.
The EU Data Act introduces significant changes to data sharing practices, affecting a wide range of stakeholders and imposing substantial penalties for noncompliance. Kiteworks offers a comprehensive suite of features that align closely with the Act’s requirements, supporting organizations in their compliance efforts. The platform’s secure web forms, detailed audit logging, role-based access controls, and principle of least privilege functionality address key aspects of data transparency, accessibility, and security. Kiteworks’ Enterprise Connect feature facilitates secure cross-repository data sharing, while its hardened virtual appliance architecture with multilayered security and strong encryption protects data integrity. Combined with the platform’s ability to enable user data access and deletion, Kiteworks is a valuable tool for organizations seeking to navigate the complex landscape of Data Act compliance, helping them balance data accessibility with robust security measures in the evolving European data economy.