National Data Protection Law
Federal Law of 30 July 2018, that went into effect by publication in the Official Journal on 5 September 2018, repealing the Law of 8 December 1992. As with the other EU Member States that have passed their Data Protection Laws, this law: 1) mirrors the GDPR in general; and, 2) adds provisions regulating specific aspects.
Opening clauses and derogations
It is of particular interest that this law:
- lowers the age limit for consenting minors in relation to information society services to 13 years of age;
- introduces specific requirements for the processing of special categories of data: controllers should designate a person, bound by contractual confidentiality obligations, who is entitled to consult these categories of data;
- lays down restrictions on rights of data subjects (such as the right to information) when personal data are transferred to the Belgian intelligence agency;
- reconciles the right to the protection of personal data with the right to freedom of expression; and
- makes the infringement of Data Protection laws a criminal offence.
In Belgium, there is a general requirement under the General Data Protection Regulation for data controllers to notify personal data breaches to their regulator and in cases of likely high risk to the rights and freedoms of natural persons, also to them.
Is it Mandatory to Notify Individuals?
Yes, if the personal data breach is likely to result in a high risk to their rights and freedoms.
Is it Mandatory to Notify Regulator?
Yes, if the personal data breach is likely to result in a risk to the rights and freedoms of natural persons.
Data Protection Authority (DPA)
Commission de la protection de la vie privée
Rue de la Presse 35
Breach Notification Format
Minimum requirements: nature of the breach, categories and approx. number of data subjects concerned, name and contact details of the DPO, likely consequences, measures taken/proposed to be taken. Belgian regulator advises notifying through its downloadable 17-page electronic form containing a broad range of questions – accessible in French or Dutch.
National Data Protection Law
Law C − 2018/40581 of 30 July 2018
Belgium’s GDPR implementation law went into effect on 5 September 2018. It introduces specific derogations to Data Subjects’ rights and stipulates that violations to this law are criminal offences.
Last Updated: July 30, 2019
OneTrust is the #1 most widely used privacy, security and third-party risk technology platform trusted by more than 3,000 companies to comply with the CCPA, GDPR, ISO27001 and hundreds of the world’s privacy and security laws. OneTrust's three primary offerings include OneTrust Privacy Management Software, OneTrust PreferenceChoice™ consent and preference management software, and OneTrust Vendorpedia™ third-party risk management software and vendor risk exchange. To learn more, visit OneTrust.com or connect on LinkedIn, Twitter and Facebook.