For Belgium, the biggest news so far for 2017 is the reform of the data protection authority in order to meet the GDPR requirements. The Belgian legislator has adopted a law transforming the current Belgian Privacy Commission into the Data Protection Authority (Gegevensbeschermingsautoriteit/ Autorité de protection des données). The proposal was submitted to Parliament on 23 August 2017 and the law was approved on 16 November 2017.

The successor to the Privacy Commission will change the face of personal data protection in Belgium through a thoroughly revised structure. The Authority should become a full-fledged regulator when it takes office on 25 May 2018. In the meanwhile, the current Belgian Privacy Commission has also been quite active and has issued various publications (NL/FR) and guidance notes:

  • on the recordkeeping obligation, including a template ‘data processing register’ in excel format (NL/FR),
  • on the DPO, focusing in particular on conflict of interest issues and the overlap with other functions within an undertaking (NL/FR),
  • on the DPIA requirement (NL/FR), and
  • on Big Data (NL/FR).

However, the Belgian GDPR implementation is not complete yet. A framework (implementation) law is still in the works and is hopefully presented in Parliament soon.