top of page

The New Belgian Data Protection Law

Belgium adopted a law reforming the Belgian Privacy Commission. On 10 January 2018, the Belgian State Gazette published the announcement of the law establishing Data Protection Authority (DPA), which is set to enter into effect on 25 May 2018.

The law replaces the Belgian Privacy Commission with the Belgian Data Protection Authority (“DPA”) (Autorité de protection des données, Gegevensbeschermingsautoriteit – in French and Dutch, respectively).

Currently, the Belgian Privacy Commission has limited prosecutorial powers and not-so-effective sanctioning powers. The main purpose of this law was to ensure that the DPA can fulfill its tasks under the GDPR. The Data Protection Authority will be supported by an independent Review Council ("Reflectieraad"/"Conseil de reflexion”), and will have jurisdiction over the entire territory of Belgium.

While the EU-level GDPR provides for a greater degree of harmonization of the EU privacy rules, there still remains up to fifty different possibilities for national exceptions. These national particularities can result in additional requirements or specifications to the GDPR at national level (e.g. processing of HR data, minimum age of children for consent, situations where a DPO is mandatory).

This means that when it comes to the GDPR, it is not a “one and done” situation. Because the possibility for national legislation fragmentation, companies would be wise to monitor the developing data privacy laws not only on the European Union level, but as well as the Member State national level.


Recent Posts

See All

A new direction for the Argentine economy

A new government has recently taken office in Argentina. During the first 20 days of the new president there have already been severe changes: the president seeks to make a strong adjustment to stabil


bottom of page