EU Data Governance Act and UK DPDIB: Compliance Timelines and Implementation Requirements

![Featured image]()

Regulatory Action The European Union's Data Governance Act (DGA) entered full application on 24 September 2024, while the UK's Data Protection and Digital Information Bill (DPDIB) received Royal Assent on 8 November 2024. These parallel frameworks establish new requirements for data sharing, reuse, and cross-border transfers between the two jurisdictions.

What It Requires

1. DGA Compliance Mandates:

   • Registration of data intermediation services with national competent authorities
   • Implementation of technical safeguards for data altruism organizations
   • Mandatory neutrality requirements for data marketplaces (Article 11)
   • New consent mechanisms for sensitive data reuse (Article 5(10))

2. DPDIB Key Provisions:

   • Replacement of GDPR's 'legitimate interests' assessment with new 'recognised legitimate interests' framework
   • Simplified records of processing activities for SMEs
   • Modified rules for automated decision-making (Section 14)
   • Extended data retention periods for national security purposes (Schedule 2)

Compliance Timeline

• Immediate Requirements (Effective Now):

  • EU entities must register data intermediation services with national authorities
  • UK organizations processing child data must implement age verification systems

• Phase 1 Deadline (1 April 2025):

  • Implementation of DGA's data altruism record-keeping systems
  • UK controllers must document new lawful basis assessments

• Phase 2 Deadline (1 October 2025):

  • Full deployment of DGA's data sharing safeguards
  • UK processors must complete Data Protection Impact Assessments for high-risk processing

Practical Implementation Steps

1. Conduct gap analysis comparing existing frameworks against Articles 5-17 of DGA and DPDIB Sections 8-15
2. Establish data intermediation service agreements compliant with Article 12 neutrality requirements
3. Update UK processing activities register using DPDIB's simplified template
4. Implement technical measures for data altruism recognition under DGA Article 25
5. Train staff on new lawful basis documentation requirements under DPDIB Schedule 1

Organizations operating in both jurisdictions should note conflicting requirements regarding data subject rights - particularly the DPDIB's modified right to erasure (Section 19) versus the DGA's data reuse provisions. Legal teams should create jurisdiction-specific compliance playbooks before the April 2025 deadline.

![Compliance process diagram]() Key components of dual compliance framework showing EU/UK regulatory alignment points

Failure to meet these deadlines carries significant penalties: up to €10 million or 2% global turnover under DGA Article 33, and £17.5 million or 4% worldwide revenue under DPDIB Schedule 3. The UK Information Commissioner's Office and EU Data Innovation Board will conduct joint inspections beginning Q2 2025.