The EU directive that protects companies’ confidential expertise has been binding for EU firms since 9 June 2018. It was mainly implemented to provide a consistent definition of the term ‘trade secrets’ that varied in each country’s legislation. It also aims to determine the relevant protection measures. Its scope includes key factors influencing competitivity, such as innovation capabilities and expertise. In addition, it protects confidential information, including customer and partner data, strategy documents, finance and HR data, ensuring they don’t fall into the wrong hands.

What can companies do?

According to the new directive, a trade secret can only be classified as such if the company has implemented the appropriate secrecy protection measures. And that means companies must be able to prove in a court of law that they have taken the right precautions to secure the information in question.

Here are two approaches to protecting expertise:

Contractual secrecy protection measures

  • Non-disclosure agreements (NDAs): contractual confidentiality agreements provide reliable protection when working with customers and partners. It’s important to note that the terms of their use should be clearly defined and that the information being protected should be unambiguously delimited.
  • Reverse engineering: companies should always expressly forbid the production of replicas or copies of their products.
  • Employment contracts: your own staff could also be the source of a data leak. That’s why it’s essential to include NDAs in all your employment contracts. These clauses should be detailed and formulated differently depending on the position.
  • Sanctions: these motivate partners and others to comply with the agreements.

Technical and organisational secrecy protection measures

  • Passes and chip cards: companies should use these basic protection measures to limit access to their premises and to individual departments. That helps prevent unauthorised third parties from gaining access to your offices – or at least makes it much harder.
  • Need-to-know: each of your employees, partners and customers should only be given access to the information they really need. It’s also a good idea to keep a log of each time they access it.
  • USB is a no-no: the use of personal storage media like USB thumb drives and SD cards should be prohibited. That makes it more difficult to steal business information.
  • Prevention is better than cure: a final piece of advice is that you should use the appropriate type of encryption. This is made easier with high-security data storage solutions.


You are now obliged to implement secrecy protection measures and must be able to prove that you have done so. Now that companies have a clear and unambiguous definition of the term ‘trade secret’, it’s easier to take the right precautions and be much better prepared for a court case should any data be stolen.

Want to learn more about the EU Trade Secrets Directive? See our recent blog.

Brainloop,  Information Security

This could also be of interest:

Cryptic messages: an ABC of encryption

There have always been secrets. And people have been trying to protect their intellectual property from prying eyes for almost as long. For example, the…

On cloud 9? How we see data storage today

Analysts were already prophesising years ago that, sooner or later, cloud computing would play a decisive role in data storage and processing of digital information.…

IP management: protect your trade secrets and intellectual property

Data theft, hacker attacks, viruses and trojans – cyber-attacks have been increasing for years now and have become a familiar phenomenon in our society. But…



Brainloop AG
Theatinerstrasse 12
80333 Munich
+49 89 444 699-0