July 5, 2020

Volume X, Number 187

July 03, 2020

Subscribe to Latest Legal News and Analysis

Belgian DPA Releases Report for Second Anniversary of the GDPR

On the second anniversary of the EU General Data Protection Regulation (the “GDPR”), the Belgian Data Protection Authority (the “Belgian DPA”) published a Statement with some key GDPR-related numbers (the “Statement”).

Since May 2019, the Belgian DPA has received:

  • 937 data breach notifications;

  • 4,438 information requests;

  • 351 complaints;

  • 128 opinions requests on draft laws, decrees or orders; and

  • 5,416 data protection officer (“DPO”) notifications.

Since May 2019, the Investigation Service of the Belgian DPA has led more than 100 investigations. In the Statement, the Belgian DPA indicated that the Investigation Service had previously adopted a more reactive approach consisting of following up on complaints. From now on, the Investigation Service of the Belgian DPA intends to take a proactive approach and launch large-scale investigations relating to specific sectors or topics. For example, the Belgian DPA indicated it recently closed an investigation on compliance with cookie requirements across popular websites. In addition, in one year, the Litigation Chamber of the Belgian DPA imposed 59 sanctions, including 9 fines totaling €189,000. The Belgian DPA also was involved in several international cases with other European data protection authorities.

In the Statement, the Director of the Litigation Chamber, Hielke Hijmans, explained that the first aim of the Litigation Chamber is to actively and lastingly contribute to the effective protection of personal data and privacy by building case law that will guide organizations in their processing activities. Furthermore, David Stevens, President of the Belgian DPA, also stressed the importance of the Belgian DPA finding the right balance between monitoring the correct implementation of the rules and offering guidance to organizations on how to implement those rules. In light of this, the Belgian DPA has published a recommendation on direct marketing, launched a specific project for small and medium-sized enterprises and organized various events aimed at DPOs.

Read the Statement (in French and Dutch).

Copyright © 2020, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume X, Number 147


About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct