Programme

Welcome & Objectives

08:45-09:00

- Course introduction and orientation
- What's at stake by 12 September 2025
- Overview of deliverables: compliance checklist, standards and action plan

Module 1: Understanding the scope and applicability

09:00-10:30

"Does the Data Act apply to us and how?":
- Who is affected: data holders, users, recipients, product manufacturers, data processing service providers (i.e., cloud providers)
- What data is in scope: product (connected devices) data, related services data, non-personal data
- Key definitions and real-world examples
- Interaction with other legislations (e.g., GDPR, ePrivacy Directive, Regulation on Free Flow of Non-Personal Data, Data Governance Act, Digital Market Act, AI Act, DORA, NIS2, Cybersecurity Act, Cyber Resilience Act, etc.)

Quick exercise: role mapping
Participants identify how their organisation is likely classified under the Data Act (e.g. data holder, user, data recipient, product manufacturer, service provider).

10:30 - 10:45 | Coffee break 

Module 2: Data access, sharing & contractual readiness

10:45-12:15

"How do we share data lawfully and fairly?" 
- User rights: enabling access to data from connected products
- B2B data sharing: transparency, fair, reasonable, and non-discriminatory (FRAND), unfair contract clauses
- Data Holder to User 
- User to Data Recipient 
- Data Holder to Data Recipient
- Data Sharer to Data Recipient

Live Walkthrough: Model Contractual Terms (MCTs) for data sharing
Participants will be walked through Model Contractual Terms (MCTs) for data sharing and how they can be operationalised. 

12:15-13:15  |  Lunch Break 

Module 3: Cloud switching & technical portability

13:15-14:30

"Are we ready to move or be moved?": 
- Rules on switching data processing service providers (i.e., cloud providers)
- Functional equivalence, timeline, and exit strategies
- Portability and interoperability
- Preparing procurement, legal and technical teams for compliance

Quick exercise: Cloud switching checklist
Participants follow along and discuss as the trainer walks through a checklist, noting key compliance points. 

14:30-14:45  |  Coffee Break 

Module 4: Standard Contractual Clauses (SCCs) for cloud computing contracts to assist parties in drafting and negotiating contracts with fair, reasonable and non-discriminatory contractual rights and obligations

14:45-16:00

"Drafting, assessing and negotiating cloud contracts with fair, reasonable and non-discriminatory contractual rights and obligations". Focus on SCCs: 
- General
- Switching & Exit
- Termination
- Security & Business continuity
- Non-dispersion
- Liability
- Non-Amendment

Quick exercise: on cloud integrated compliance
Participants will identify and discuss with the teacher 3 to 5 cloud issues and how they can be resolved on the basis of the Data Act and the SCCs, also considering other aspects like data protection and cybersecurity legislations. 

Module 5: Governance, documentation & internal action plans

16:00-16:45

From compliance to confidence — who does what?:
- Assigning internal roles (legal, tech, procurement)
- Building Data Act compliance into existing frameworks
- Internal training and communication strategies
- Aligning with GDPR and other EU digital laws

Quick exercise: self-assessment: 30-60-90 Day Roadmap
Each participant drafts three practical actions to implement in the next 90 days 

Wrap-up and next steps

16:45-17:00
- Recap of compliance priorities
- Final Q&A