On December 12, 2019, the Belgian Data Protection Authority (the “Belgian DPA”) released its draft 2019-2025 Strategic Plan (the “Draft Plan”). In the Draft Plan, the Belgian DPA describes its vision for the years to come, defines its priorities and strategic objectives and lists the necessary means to achieve its objectives.
The following are some of the key takeaways from the Draft Plan:
- The Belgian DPA will focus its actions on five sectors: (1) telecom and media, (2) public institutions, (3) direct marketing (including data brokers), (4) education and (5) SMEs.
- The Belgian DPA indicated that it will focus its actions on the following aspects of the EU General Data Protection Regulation (“GDPR”): (1) the role of the data protection officer (“DPO”), with a particular focus on companies that have appointed a DPO without allowing them to act in accordance with the GDPR; (2) the lawfulness of data processing activities, and more particularly the (abusive) processing of personal data based on the legitimate interests legal basis; and (3) data subjects’ rights, specifically the scope of some of these rights.
In the Draft Plan, the Belgian DPA indicates the need for a greater budget and more bandwidth to be able to implement its Strategic Plan, as its workload has considerably increased since the GDPR became applicable.