Infographic ‘1 year GDPR in Belgium’
25 May 2019
A year ago, the introduction of the new privacy legislation, the GDPR, caused a lot of commotion in the Belgian and European business world. But how is the situation regarding privacy in Belgium now, since 25 May 2018? How many data leaks, complaints and fines have occurred in our country? Take a look here at the one year GDPR infographic.
The run-up to (G)D(PR)-Day
Although the start date of the GDPR was announced well in advance and an implementation period of 2 years was foreseen, the new privacy rules brought a shock wave through the business community. After all, every company has been affected by the GDPR, although the extent to which this occurred naturally varies from company to company and sector to sector. The mere maintenance of e.g. personnel data, a customer database or a contact list of suppliers has implications. Moreover, it is not only European companies that are affected, but global companies or organisations that process European data have to comply with the GDPR. The rather hesitant attitude of many companies panicked as the deadline of May 25th approached. What about subscriber lists and prospecting data? What does a processing agreement entail? Is my company controller or processor on my website and what does all this mean? The threats from certain major companies to stop contracts if they could not demonstrate compliance with privacy rules, also made many companies nervous. As a result, specialist lawyers and consultants were hired massively. Our Privacy & IT team at De Groote - De Man also navigated many companies as pragmatically and smoothly as possible through the necessary GDPR process.And now what?
The avalanche of sanctions that companies feared did not occur in Belgium last year. Things were different in our neighbouring countries. In the Netherlands (€ 600,000) and the United Kingdom (€ 439,714), the alternative taxi service Uber was severely fined. Internet giant Google also received a financial fine of €50 million from the privacy authorities in France. And these are just two examples of companies that were convicted. (Read also: The non-compliance with GDPR costs Google €50 million) In Belgium, it remained quiet for the time being. Many companies are now asking themselves whether all the panic and effort was necessary. But is this true? What happened on home soil last year? Based on figures, we received from the Belgian Data Protection Authority (the "GBA") and our own experience as specialists, we drew up an assessment of one year of GDPR.1 year of GDPR: how is Belgium doing?
Download infographicComplaints submitted to the GBA: 328
In the past year, a total of 328 complaints were submitted to the GBA, the former Privacy Commission. By way of comparison: at the end of 2018, 9,661 complaints were submitted to the Dutch regulator, the Personal Data Authority.In Belgium, complaints are mainly about :
· Infringement of the data subject's rights
Data subjects (people like you and me) filed a complaint against companies that, for example, are not transparent about what data they have about them or what they do with it. According to the GDPR, a data subject has the right to know what data the company has about him/her and, if requested, to delete it as well. Failure to reply (properly) constitutes an infringement.· Direct marketing
These complaints mainly concern companies that send people commercial mailings or letters without having the required legal basis (e.g. permission/opt in) from this person to contact them for commercial purposes. We see that the GDPR thus stimulates many marketers to find new creative ways for online marketing activities.· Security cameras
In these cases, it concerns people who were filmed by a security camera and who wanted to know what would happen to those images and for what purposes they would be used.Data breaches reported to the GBA: 645
When a data breach occurs, a company is obliged to notify the GBA - within 72 hours of being notified - when it is likely that the personal data breach poses a risk to the rights and freedoms of natural persons. In the meantime, 645 such notifications have taken place. By way of comparison: in the Netherlands, 20,881 data breaches (15,400 since 25 May 2018) were reported to the Personal Data Authority in 2018.Notifications in Belgium came mainly from the following sectors
- Financial activities and insurance
- Human health care
- Public administration and defence
Number of fines issued by the GBA: 0
This is a striking figure, especially if you compare it with the number of fines handed out in other European countries..A comparison with some neighbouring countries*:
- Netherlands: 4 fines, totalling € 738 000.
- France: 8 fines totalling € 51 045 000.
- Great Britain: 31 fines (!), totalling approximately € 4 484 000.