Each week in July and August, we focus on a different topic that has been scrutinized by the Belgian Data Protection Authority. With a few simple tips, your summer cocktail of data protection news will be complete.
As the summer is coming to its end, we hope our tips & tricks have been useful and we are of course always willing to further discuss some of these topics with you.
Nevertheless, in practice, we see that this golden rule is often not fully respected. This has not escaped the attention of the Belgian Data Protection Authority, which has imposed various sanctions on companies for failure to comply with the transparency requirements.
Below you can find an overview of “common mistakes”, together with some do’s & don’ts.
1. No correspondence with reality.
2. Forgetting about ‘further processing’ of personal data or other changes in your data flows.
Data collected for one purpose may become interesting to process for a new purpose other than that for which the data were initially collected. The data subject must be informed thereof prior to such further processing.
3. Not informing data subjects whose data you have obtained from a third party.
When you process personal data that you have not obtained directly from the data subject, but e.g. through a business partner, you should timely inform the data subject thereof (limited exceptions exist).
Don’t: assume that the third party from whom you received the data has lawfully collected the data and/or informed the data subject of the disclosure of their personal data to you.
4. Not specifying which legitimate interests you rely on.
If you rely on legitimate interests for processing personal data, you must specify such legitimate interests in accordance with article 13.1.d) GDPR.
Don’t: state, for example, in vague terms that the processing is based on your legitimate business interests.
Do: state, for example, that the processing is based on your legitimate interests as a company to promote your products or services towards existing clients for business development purposes.