One year to go: DPAs are sharpening their blades

Could you hear the clock ticking? As of today – companies have only one year to finalise their preparations for the GDPR implementation. Meanwhile several Data Protection Authorities across Europe are already practicing their bite on Facebook.

Luckily enough for the social network site, DPAs haven’t got their sharpest teeth quite yet. By now, most of us are aware that non-compliant organisations will face fines of up to 4% of global turnover once the GDPR is finally in full force. For Facebook, this could mean potentially coughing up a whopping one billion euros. Right now, the damage is limited to a measly 150k, the French DPA’s maximum fine.

Continue reading “One year to go: DPAs are sharpening their blades”

Will a new e-Privacy Regulation clip the wings of the GDPR?

On The 4th of April, the Article 29 WorkingParty (WP29) issued its opinion on a proposed e-Privacy Regulation (ePR).

While they praise many elements (the choice for a Regulation, complementary to the GDPR, the same authority responsible for monitoring compliance, inclusion of OTT providers…), they do identify 4 key areas of concern, where the proposed Regulation would undermine the level of protection offered by the GDPR. The e-Privacy Regulation is complimentary to the GDPR and is not meant to lower the level of protection offered to natural persons under the GDPR. The opinion of the WP29 however shows that the articles of the Regulation don’t always reflect this:

Continue reading “Will a new e-Privacy Regulation clip the wings of the GDPR?”

The 4 things you need to consider before appointing a Data Protection Officer (DPO)

On April 5, 2017, the Article 29 Working Party (WP29) adopted a revised version of its guidelines on data protection officers. Even though most of the changes are minor, WP29 introduces some new points which have to be carefully considered:

Continue reading “The 4 things you need to consider before appointing a Data Protection Officer (DPO)”

How to identify the Lead Supervisory Authority (LSA)?

On the 5th of April 2017, the Article 29 Working Party revised and adopted guidelines on identifying the lead supervisory authority (LSA) for controllers and processors in the context of cross-border processing. These guidelines will help controllers and processors to determine the single supervisory authority (one-stop-shop principle) with whom they will deal regarding their obligations under the GDPR. Even though the new guidelines do not differ much from the guidelines adopted on the 13th of December 2016, they attempt to introduce more clarity:

Continue reading “How to identify the Lead Supervisory Authority (LSA)?”

Van kitten tot tijger: de nieuwe Gegevensbeschermingsautoriteit

Het verzekeren van een hoge bescherming voor de rechten op privacy en gegevensbescherming in onze gedigitaliseerde en geglobaliseerde maatschappij, wordt steeds moeilijker. Om aan deze nieuwe ontwikkelingen te beantwoorden, heeft de Europese wetgever recent de Algemene Verordening Gegevensbescherming (“AVG”) aangenomen. Omdat het creëren van nieuwe rechten en verplichtingen alleen niet voldoende is om dit beschermingsniveau op te krikken, verplicht de GDPR de lidstaten om te voorzien in een toezichthoudende autoriteit die de nodige bevoegdheden heeft om de naleving hiervan te verzekeren. Zie hier de nieuwe Belgische “Gegevensbeschermingsautoriteit”.

Continue reading “Van kitten tot tijger: de nieuwe Gegevensbeschermingsautoriteit”

From kitten to tiger: the new Data Protection Authority

The challenge of ensuring high levels of data protection to citizens in our increasingly digitized and globalized society has led the Europeanlegislator to recently adopt the General Data Protection Regulation (“GDPR”). Knowing that creating new rights and obligations is not sufficient, the GDPR compels Member States to reform their existing supervisory authorities to ensure the proper application of the new rules. Enter the new Belgian “Data Protection Authority”.

Continue reading “From kitten to tiger: the new Data Protection Authority”

GDPR – PSD2: integrating both to ensure full compliance


The Revised Payment Service Directive (PDS2) is a directive focused on the further integration of an internal market in payment services. Third parties (Account Information Services Providers or AISPs and Payment Initiation Service Providers or PISPs) will have access to transactional data to analyse the transactional data and/or execute payments. The PSD2 is a directive which means that member states need to implement the directive into national legislation. The implementation deadline for member states is the 13th of January 2018. Even though Belgium has not yet implemented the directive in national law, the key changes are clear: financial institutions will need to give access to bank accounts to third parties when double consent is obtained.

Continue reading “GDPR – PSD2: integrating both to ensure full compliance”

Identifying the Lead Supervisory Authority: an easy task?

On the 13th of December, the Article 29 Working Party issued its guidelines for identifying a controller’s or processor’s lead supervisory authority (LSA). The aim is to assist organizations in determining who is their LSA when carrying out cross-border processing activities. This relates to the one-stop-shop principle intended to simplify the way in which organizations operating in several European countries interact with the European supervisory authorities. Correctly identifying the LSA is important as it determines with which authority an organization will cartier bracelets for women gold
have to deal regarding many of the GDPR compliance requirements such as registering a data protection officer; notifying a risky processing activity or notifying a data security breach.

Continue reading “Identifying the Lead Supervisory Authority: an easy task?”

Big Brother’s watching you, maar dit zijn je wapens!

rights of the data subject gdpr avg privacyOp 25 mei 2018 is het zover. Dan zal de nieuwe Europese General Data Protection Regulation (GDPR) de huidige Richtlijn Gegevensbescherming vervangen. De nieuwe verordening moet een betere gegevensbescherming bieden aan betrokkenen en noodzaakt heel wat bedrijven die persoonsgegevens verwerken tot ingrijpende veranderingen. Vanaf 2018 zal het immers mogelijk zijn om aan bedrijven boetes op te leggen tot 20 miljoen euro of 4% van hun wereldwijde omzet in geval van strijdigheid met de GDPR. Maar ook voor individuen luidt de GDPR een nieuw tijdperk in. De verordening bevat een reeks nieuwe beschermingsmaatregelen die ervoor zorgen dat de burger nog nooit zo sterk in zijn schoenen stond wat betreft zijn persoonsgegevens. Toch heerst er nog veel onwetendheid en onverschilligheid omtrent het thema.  Dit artikel somt de rechten van betrokkenen op die de GDPR voorschrijft.

Continue reading “Big Brother’s watching you, maar dit zijn je wapens!”