Less than a year has passed since the adoption of [Directive 2016/943 on the protection of trade secrets](http://eur-lex.europa.eu/legal-content/ES/TXT/?uri=CELEX%3A32016L0943). Since its implementation in national laws is not due until June 2018, it seems the topic has lost its momentum. In our opinion, this should not be the case. The relevance of the Directive is growing due to the fact that business models based on Big Data are exponentially increasing. Below is the reason for that. Briefly speaking Big Data refers to the collection, processing and analysis of huge amounts of data (personal or non-personal) in order to adopt decisions for business, research or public policy-related purposes. Data has thus become a very valuable asset for business (the fuel of the XXI century, according to some), but as explained by the European Commission in [its January Communication on the topic](http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1495539138845&uri=CELEX:52017PC0002), it is far from clear how this new intangible asset can be protected. And this is where the new Directive plays a very relevant role. Data produced or collected by a business cannot be protected as a data base under the copyright regime. The reason is that data is collected and process in an automatic manner. There is no human intervention that can be considered as an intellectual creation on the organization and collection of the materials incorporated to the data base ([Judgment of the CJUE of 1 March 2012, C-604/10](http://curia.europa.eu/juris/liste.jsf?num=C-604/10&language=ES), par. 38) Furthermore, data sets do not qualify either for protection under the sui generis right in [Directive 96/9](http://eur-lex.europa.eu/legal-content/EN/ALL/?uri=CELEX%3A31996L0009). In this case, the problem is that the protection is granted to the substantial investment in the collection of data, but not to the creation of that data. According to the CJUE in [Judgment of 9 November 2004, C-444/02, Fixtures Marketing](http://curia.europa.eu/juris/liste.jsf?num=C-444/02) (par. 40): _"the expression ‘investment in … the obtaining … of the contents’ of a database must ...be understood to refer to the resources used to seek out existing independent materials and collect them in the database, and not to the resources used for the creation as such of independent materials. The purpose of the protection by the sui generis right provided for by the directive is to promote the establishment of storage and processing systems for existing information and not the creation of materials capable of being collected subsequently in a database"._ So the only existing way for business to protect their data is by keeping it secret. Data sets are eligible for protection under the Trade Secrets Directive as far as are three requirements are met. First, they must be _secret_ in the sense that it is not, as a body or in the precise configuration and assembly of its components, generally known among or readily accessible to persons within the circles that normally deal with the kind of information in question. It is important to recall that data can become a trade secret not only when it is privately produced by a company. Public information can also become a trade secret as far as its combination with other data (public or private) is secret and it has commercial value. Second, they have _commercially value_. The fact that a data set by itself is not valuable does not automatically exclude it for protection. Data sets can gain commercial value when they are combined with other data sets. Third_,_ _reasonable steps to keep it secret_ are adopted. These reasonable steps shall include technological protection measures and confidentiality agreements entered into with employees, third parties collaborating with us, or third parties to whom all or part of that data is transferred to. The problem with trade secrets is that it does not grant an exclusivity right. That is, once the data is disclosed, while the right holder can make use of the defense actions provided for him in the Directive, it is not protected anymore. The Commission and certain scholars are studying the possibility to introduce a new exclusivity right for non-personal data. The proposal has several drawbacks and in any case its adoption may take years. Therefore, at this precise moment Data-based business should study the measures they need to take to ensure the protection of the data by the trade secret regime.