Reform of Belgian Data Protection Authority still not put into practice
08/02/2019

Eight months after the arrival of the GDPR, the renewed Belgian Data Protection Authority still does not have an Executive Committee. The reason for this is that no candidate has been found with sufficient knowledge of the German language. As a result, the authority cannot start proactively investigating companies.

In the run-up to the entry into application of the GDPR in May last year, the Belgian Parliament adopted the DPA Act creating the new Belgian Data Protection Authority (DPA) as the successor of the former Privacy Commission. To ensure that it would be able exercise its newly acquired powers effectively, the DPA was divided into six bodies, among which the  Executive Committee (Directiecomité – Comité de Direction).

The Executive Committee is composed of the leaders of the other five bodies:

  • the director of the General Secretariat;
  • the director of the Knowledge Center;
  • the director of the Front-line Service;
  • the director of the Inspection Body (Inspector-General); and
  • the president of the Dispute Chamber.

The DPA Act provides that these 5 members must have a working knowledge of the second national language (French/Dutch) and at least one of them must have a working knowledge of German. Since the DPA will cooperate with authorities of other EU Member States, all members should also have a working knowledge of English.

Willem Debeuckelaere, who is currently acting as head of the DPA, has communicated that the authority is still looking for a candidate with sufficient knowledge of German. Previous language tests via Selor, the government's selection agency, did not result in a candidate who speaks sufficient German. As a result, the Executive Committee cannot start its enforcement activities. This makes it considerably more difficult to process complaints and inspect companies’ GDPR compliance level.

In addition, due to the absence of an Executive Committee, the Inspection Body does not have a separate director either. There are now two inspectors who, with the assistance of the secretariat, mainly focus on dealing with complaints. Proactive inspections, as already happening in the Netherlands, can therefore not yet be carried out in Belgium. 

As a result, Belgium is lagging behind in enforcing the GDPR. In Germany, Portugal and France, the respective authorities have already imposed the first fines. A German social network was fined EUR 20.000 for not having sufficiently secured its users' data. In Portugal, a hospital was fined EUR 400.000 for using certain data without permission. In France, Google was sanctioned with a fine of 50 million EUR for lack of transparency, inadequate information and lack of valid consent.

Related : Loyens & Loeff CVBA ( Ms. Stéphanie De Smedt ,  Ms. Valérie Verstraeten )

[+ http://www.loyensloeff.com]

Ms. Stéphanie De Smedt Ms. Stéphanie De Smedt
Associate
stephanie.de.smedt@loyensloeff.com
Ms. Valérie Verstraeten Ms. Valérie Verstraeten
Junior Associate
valerie.verstraeten@loyensloeff.com

Click here to see the ad(s)

Lastest articles by Ms. Stéphanie De Smedt

Members Belgian Data Protection Authority (finally) appointed
29/03/2019

On 28 March 2019, the members of the Executive Committee of the Belgian Data Protection Authority have been appointed by t...

Read more

First status update of Belgian DPA after six months of GDPR
07/12/2018

The Belgian Data Protection Authority (DPA) has issued a first status update six months after the GDPR became applicable. ...

Read more

Two Belgian Acts implementing / supplementing the GDPR adopted
03/09/2018

The process for the implementation of the General Data Protection Regulation (“GDPR”) is occurring in two phas...

Read more

EU-US Privacy Shield on the chopping block?
27/08/2018

The EU – US Privacy Shield was adopted in July 2016 as a replacement of the Safe Harbor regime, which was struck dow...

Read more

Lastest articles by Ms. Valérie Verstraeten

Members Belgian Data Protection Authority (finally) appointed
29/03/2019

On 28 March 2019, the members of the Executive Committee of the Belgian Data Protection Authority have been appointed by t...

Read more

First status update of Belgian DPA after six months of GDPR
07/12/2018

The Belgian Data Protection Authority (DPA) has issued a first status update six months after the GDPR became applicable. ...

Read more

Two Belgian Acts implementing / supplementing the GDPR adopted
03/09/2018

The process for the implementation of the General Data Protection Regulation (“GDPR”) is occurring in two phas...

Read more

EU-US Privacy Shield on the chopping block?
27/08/2018

The EU – US Privacy Shield was adopted in July 2016 as a replacement of the Safe Harbor regime, which was struck dow...

Read more

LexGO Network