Within the European Union, there is no uniform trade secrets law. Each member country is free to enact its own sanctions and penalties against individuals and organizations who misappropriate, sell, or disclose another company’s proprietary methods, processes, and know-how. Nonetheless, each EU country must now meet minimum requirements governing the laws it implements, in order to create a more uniform legislative environment. This law, the EU Directive on Trade Secrets, sets out these requirements.
The EU Directive on Trade Secrets protects a broad swath of proprietary information. To be eligible for protection, the secrets in question must derive independent value from being kept secret, and must not be generally known by or accessible to individuals in the industries in which the secret is used. Owners must also take reasonable measures to protect the secret’s security. This requirement alone upends traditional approaches used by Germany and other countries that required companies merely to show they intended to keep their trade secrets secret, without demonstrating the steps they were taking to do so.
Much like similar laws, the EU directive addresses situations where a business’s proprietary trade secrets are unlawfully stolen, misappropriated, accessed, or copied. It also sanctions violators who produce or sell products based on those secrets, or who use or disclose them in contravention of a non-disclosure agreement, contractual obligation, or other duty not to do so. Individuals and companies who discover the trade secret through reverse engineering will not be liable for sanctions, and trade secrets can also be exposed by whistleblowers in relation to illegal activities and bad-faith conduct. Trade secrets can also be disclosed without reprisal in certain situations involving media reporting, freedom of expression, and collective bargaining, as well as by workers in their normal course of business. While businesses are not entirely prohibited from using and enforcing non-compete agreements on employees, any such restrictions must not interfere with the employee’s ability to learn on the job or find work elsewhere.
Companies and individuals who don’t comply with the directive can face injunctive relief or be forced to cough up commensurate financial compensation in the form of expected reasonable royalties or damages. Courts can also order the destruction or interception of trade secret files that are in transit for delivery elsewhere. While the directive only provides recommendations for baseline civil measures against offenders, EU member countries are free to codify more stringent civil and even criminal penalties into their own national trade secret rules.
To ensure compliance with the directive’s minimum requirements, you’ll need to show you’re making reasonable efforts to keep your trade secrets secret from others within and outside your industry. Fortunately, you don’t need to allocate a substantial portion of your budget toward upgrading IT infrastructure, implementing on-site security measures, and hiring dedicated staff to monitor how your secrets are protected and disclosed. Abacus Private Cloud’s GDPR-compliant hosting platform allows you to store your data beneath three layers of data, physical, and server security protections. This means that you and your employees can leverage robust user access controls, two-factor authentication, 256-bit AES encryption, SSL-A-rated data centers and more to protect your trade secrets from disclosure. Doing so will save you roughly $3,966 annually compared to on-site solutions.