Belgian Data Protection Authority Publishes Review of Post-GDPR Activity

The Belgian Data Protection Authority (Belgian DPA) published a review of its activities in the six months since the EU General Data Protection Regulation (GDPR) took effect on May 25, 2018. This early report offers a window into the impact of the GDPR on companies, the public and the activity of at least one regulator’s office.  The review, available in French and Dutch, notes that since the GDPR came into force, the Belgian DPA has received 317 data breaches, most of which were reported from the health care sector, insurance companies, public institutions and defense, telecommunications and postal services, and financial services companies. The Belgian DPA has received…

READ MORE

Article 29 Working Party Provides Important Guidance about Data Protection Impact Assessments

Data Protection Impact Assessments (DPIAs) are critical to companies’ successful compliance with the General Data Protection Regulation (GDPR), and to their efforts to establish responsible, effective data governance within their organizations. Article 35 of the GDPR requires companies to conduct a DPIA when processing is likely to raise “high risk” to individuals. On August 6, we blogged about the advice of the Belgian data protection authority on this aspect of the GDPR. But the Belgian DPA did not issue its recommendations in isolation. The Article 29 Working Party (the “Working Party”) late last year adopted Guidelines on data protection impact assessments and determining whether processing is “likely to result…

READ MORE

Belgian Privacy Commission Issues Recommendation on Data Protection Impact Assessments

An important aspect of the General Data Protection Regulation (GDPR) that may be new to companies is the requirement set forth in Articles 35 and 36 that they conduct data protection impact assessments (DPIAs) when embarking on new data processing activities. While some organizations may have experience with DPIAs, often referred to as Privacy Impact Assessments in the United States, many may be unfamiliar with how they should be carried out and what data protection authorities look for when they review them. Companies may find help in the Belgian Privacy Commission’s Recommendation on Data Protection Impact Assessments and the prior consultation requirements provided for by Articles 35 and…

READ MORE