First status update of Belgian DPA after six months of GDPR
07/12/2018

The Belgian Data Protection Authority (DPA) has issued a first status update six months after the GDPR became applicable. The statistics show a remarkable increase in the number of data breach notifications, complaints and requests received.

 

Data breaches

Since 25 May 2018, 317 data breaches have been notified to the DPA. This is an enormous increase compared to last year, when only 13 data breaches were reported. This increase is obviously due to the fact that there was no obligation to report at that time (except for telecommunication companies or financial service providers).

The top 5 industries reporting data breaches are: (1) health care, (2) insurance, (3) public administrations and defence, (4) telecom and (5) financial services.

Complaints

In addition, the DPA reports to have received 148 complaints in the past six months, which comes down to almost one complaint per day.

This amount has increased compared to 2017 (when only 76 complaints were received). It is, however, negligible compared to our neighbouring countries, who reported to have received a lot more complaints in the period following 25 May. The CNIL reported that after four months it had already received 3.767 complaints. In the Netherlands, the first six months of the new privacy law yielded more than 7.000 complaints. In both cases, the number of complaints in relation to the number of residents is much higher than in Belgium.

Other figures

The DPA has released some other noteworthy figures. Since 25 May, the DPA has received:

3.599 information requests (compared to 2.145 information requests in 2017);
137 requests for advice (compared to 44 requests for advice in 2017);
2.551 notifications of the appointment of a DPO (compared to 989 notifications before May 2018).


Furthermore, the DPA announced that the number of cases has increased exponentially under the application of the GDPR. In 2017, the Authority handled just under 5.000 core cases, while for 2018 this number will exceed 7.000.

First investigations

Lastly, the DPA announced that it has meanwhile started its first investigations. No cases have yet been transferred to the Dispute Chamber in order to be dealt with on the merits (fore more information on the different bodies within the DPA, see our previous newsflash). Unlike Germany, Portugal and Austria, no fines have been issued yet.

On this point, the DPA is running a bit behind our neighbouring countries, who have started their first systematic inspections already at the beginning of the summer and who have already imposed a large number of warnings and sanctions.

It now looks like the DPA is getting up to speed, although it should be remembered that the members of the DPA still have to be formally appointed by the Parliament. As soon as the DPA will be fully operational, it will undoubtedly increase its advisory, inspection and sanctioning activities.

Voir aussi : Loyens & Loeff CVBA ( Mr. Yves Van Couter ,  Ms. Stéphanie De Smedt ,  Ms. Valérie Verstraeten )

[+ http://www.loyensloeff.com]

Mr. Yves Van Couter Mr. Yves Van Couter
Partner
yves.van.couter@loyensloeff.com
Ms. Stéphanie De Smedt Ms. Stéphanie De Smedt
Associate
stephanie.de.smedt@loyensloeff.com
Ms. Valérie Verstraeten Ms. Valérie Verstraeten
Junior Associate
valerie.verstraeten@loyensloeff.com

Derniers articles de Mr. Yves Van Couter

Members Belgian Data Protection Authority (finally) appointed
29/03/2019

On 28 March 2019, the members of the Executive Committee of the Belgian Data Protection Authority have been appointed by t...

Read more

Two Belgian Acts implementing / supplementing the GDPR adopted
03/09/2018

The process for the implementation of the General Data Protection Regulation (“GDPR”) is occurring in two phas...

Read more

EU-US Privacy Shield on the chopping block?
27/08/2018

The EU – US Privacy Shield was adopted in July 2016 as a replacement of the Safe Harbor regime, which was struck dow...

Read more

Belgian rules on use of surveillance cameras revised
16/08/2018

On 21 March 2018, the Belgian Parliament adopted a law amending the Belgian Camera Act of 2007. The primary goal was to cr...

Read more

Derniers articles de Ms. Stéphanie De Smedt

Data Protection Authority publishes Annual Activity Report for 2018
10/05/2019

On 25 April 2019, the Data Protection Authority (DPA) published its Annual Activity Report for 2018, highlighting the main...

Read more

Members Belgian Data Protection Authority (finally) appointed
29/03/2019

On 28 March 2019, the members of the Executive Committee of the Belgian Data Protection Authority have been appointed by t...

Read more

Reform of Belgian Data Protection Authority still not put into practice
08/02/2019

Eight months after the arrival of the GDPR, the renewed Belgian Data Protection Authority still does not have an Executive...

Read more

Two Belgian Acts implementing / supplementing the GDPR adopted
03/09/2018

The process for the implementation of the General Data Protection Regulation (“GDPR”) is occurring in two phas...

Read more

Derniers articles de Ms. Valérie Verstraeten

Data Protection Authority publishes Annual Activity Report for 2018
10/05/2019

On 25 April 2019, the Data Protection Authority (DPA) published its Annual Activity Report for 2018, highlighting the main...

Read more

Members Belgian Data Protection Authority (finally) appointed
29/03/2019

On 28 March 2019, the members of the Executive Committee of the Belgian Data Protection Authority have been appointed by t...

Read more

Reform of Belgian Data Protection Authority still not put into practice
08/02/2019

Eight months after the arrival of the GDPR, the renewed Belgian Data Protection Authority still does not have an Executive...

Read more

Two Belgian Acts implementing / supplementing the GDPR adopted
03/09/2018

The process for the implementation of the General Data Protection Regulation (“GDPR”) is occurring in two phas...

Read more

LexGO Network