Are companies always responsible if their employees cause a data breach under the General Data Protection Regulation (GDPR)? According to a recent decision by the Belgian Data Protection Authority (DPA), the answer appears to be yes, or at least in most cases. The Case In this case, a manager at a hospital accessed an employee’s […]
Belgian DPA
The Belgian DPA Issues Guidelines on AI
The Belgian DPA Issues Guidelines on AI When it comes to Artificial Intelligence (AI) systems, there are two EU regulations that have a significant impact on their use. These two Regulations are the well-known General Data Protection Regulation (GDPR) and the AI Act (AIA), which only came into force on August 1, 2024. Since then, […]
The priorities set by the Belgian Data Protection Authority for the 2023 Agenda
At the end of last year, in the context of setting the 2023 budget, the Belgian Data Protection Authority (Autorité de protection des données/ Gegevensbeschermingsautoriteit or APD) has highlighted the main topics that will be the focus of this year’s agenda, depending on the capacity of the authority, as the APD mentioned in its press […]
Belgian DPA issues €50.000 fine on an Organisation for non-compliance with GDPR DPO appointment procedure
The Organisation (defendant) designated their Head of Compliance, Risk and Audit as their Data Protection Officer (DPO). The DPA ruled that in doing so, the Organisation violated art. 38(6) GDPR which requires that any tasks of the data protection officer do not result in a conflict of interest. According to the defendant, no conflict of […]
Belgian DPA requires small companies using CCTV to maintain a record of processing activity
The APD/GBA (Belgian DPA) in April 2020 decided upon a complaint made in September 2018 with the authority.[1] The affected person claimed that he was filmed by CCTV of a store while walking outside on the sidewalk. The DPA investigated the complaint and requested from the store owner what can be expected: Storage period of […]