By Frederik Ringoot
The Belgian Data Protection Authority (BDPA) used the GDPR second anniversary as a milestone to issue a news alert with statistics on the actions it has taken since May 2019 (figures from 25/05/2019 to 20/05/2020).
|Reported data breaches||937|
|Complaints (incl. mediation requests)||351|
|Requests for advice on draft laws, decrees and decisions||128|
|Registered DPO’s (currently active)||5,416|
|Administrative fines imposed||9 (for 189,000 EUR in total)|
The BDPA emphasizes that, in the last year, it has heavily invested in awareness-raising and providing guidance (e.g. the direct marketing guidelines) and that it intends to keep doing so in the future (e.g. by organising DPO trainings, publishing guidance for SME’s,…). That being said, the news alert reads as a warning that the BDPA will enhance its inspections efforts (the BDPA also explicitly refers to its earlier request for additional funding for the Inspection Service):
“Up to now, our inspection policy has mainly been reactive: we have followed up the many complaints received. From now on, we also want to be more proactive with, for example, sectoral or thematic large-scale investigations on our own initiative. (…) We are also in the process of completing a major study on how a range of popular websites manage their cookies” (free translation of the quote by the president of the Inspection Service).
The update by the BDPA also includes the following quote by the President of the Dispute Chamber: “It is important that we choose our priorities carefully in order to work effectively and to draw attention to issues that have a major impact on citizens. Through our decisions, we aim to develop case law that will guide organisations processing personal data.” (free translation).
For some, the risk of getting fined by the Dispute Chamber always felt like playing a game of “Russian roulette” (correction: without any bullet in the gun 99% of the time). Now the Dispute Chamber seems to indicate that it is executing on its Strategic Plan 2020-2025, i.e. by imposing fines relating to the priorities in the Strategic Plan. We therefore refer to the action points listed in our earlier blogpost.
If you have any further questions, please contact the author or your usual DLA Piper contact person.