With the implementation of the General Data Protection Regulation (GDPR), EU member states have responded by enhancing their Data Protection Authorities (DPAs). Belgium replaced its Privacy Commission with the Data Protection Authority, which became effective May 25, 2018.
The Belgian DPA has new competencies under the country’s implementing regulation and is charged with providing information and assistance to entities covered by GDPR as well as investigating potential data breaches. The investigative body of the Belgian DPA has broad authority to execute its mission, with the law merely specifying that the means used must be “appropriate and necessary.” The body has numerous powers, including the abilities to conduct on-site inspections, take provisional measures including suspending processing operations, and seize documents or computers. Moreover, the DPA is authorized to impose sanctions in line with GDPR (e.g., 4% of worldwide turnover). The Belgian State Secretary De Backer has confirmed that extra funding will be provided to allow the DPA to accomplish its new role.
TIP: Country-specific authorities such as the Belgian DPA will be responsible for GDPR enforcement. Companies should monitor the DPA authority and guidance in the countries in which they operate in order to be prepared to comply with the GDPR.