Privacy & Information Security Law Blog

On December 12, 2019, the Belgian Data Protection Authority (the “Belgian DPA”) released its draft 2019-2025 Strategic Plan (the “Draft Plan”). In the Draft Plan, the Belgian DPA describes its vision for the years to come, defines its priorities and strategic objectives and lists the necessary means to achieve its objectives.

The following are some of the key takeaways from the Draft Plan:

• The Belgian DPA will focus its actions on five sectors: (1) telecom and media; (2) public institutions; (3) direct marketing (including data brokers); (4) education; and (5) SMEs.
• The Belgian DPA indicated that it will focus its actions on the following aspects of the EU General Data Protection Regulation (“GDPR”): (1) the role of the data protection officer (“DPO”), with a particular focus on companies that have appointed a DPO without allowing them to act in accordance with the GDPR; (2) the lawfulness of data processing activities, and more particularly the (abusive) processing of personal data based on the legitimate interests legal basis; and (3) data subjects’ rights, specifically the scope of some of these rights.
• The Belgian DPA will also focus on more general societal topics, including (1) pictures and cameras; (2) online personal data processing, including the use of cookies; and (3) sensitive personal data processing. In addition, the Belgian DPA indicated that it will also pay attention to artificial intelligence applications, as well as applications using biometric data.

In the Draft Plan, the Belgian DPA indicates the need for a greater budget and more bandwidth to be able to implement its Strategic Plan, as its workload has considerably increased since the GDPR became applicable.

The Plan will be subject to public consultation until January 7, 2019 (in French and in Dutch). After that, a final version of the Draft Plan will be published on the Belgian DPA’s website.

Read the draft 2019-2025 Strategic Plan (in French and in Dutch) and a summary thereof (in French and in Dutch). Read the Belgian DPA’s press release (in French).