APD/GBA (Belgium)

From GDPRhub
Autorité de protection des données

Gegevensbeschermingsautoriteit

LogoBE.png
Name: Autorité de protection des données

Gegevensbeschermingsautoriteit

Abbreviation : APD/GBA
Jurisdiction: Belgium
Head: David Stevens
Deputy: Alexandra Jaspar
Adress: Rue de la Presse 35 / Drukpersstraat 35

1000 Bruxelles / Brussel

BELGIUM

Webpage: dataprotectionauthority.be
Email: contact@apd-gba.be
Phone: +32 2 274 48 00
Twitter: n/a
Procedural Law: n/a
Decision Database: n/a
Translated Decisions: Category:APD/GBA (Belgium)
Head Count: n/a
Budget: n/a

The Belgian Data Protection Authority (DPA, Autorité de protection des données in French or GBA, Gegevensbeschermingsautoriteit in Dutch) is the national Data Protection Authority for Belgium. It resides in Brussels and is in charge of enforcing GDPR in Belgium.

Structure

The DPA consists of five bodies and an Executive Committee.

The Executive Committee is composed of Director of the General Secretariat, the Director of the Knowledge Center, the Director of the Front Line Service, the Inspector General and the President of the Litigation Chamber.

The five bodies of the DPA are the General Affairs Secretariat, the Front Office, the Knowledge Centre, the Inspection Service and the Litigation Chamber.

The Executive Committee

Headed by David Stevens, its responsibilities are:

  • To approve the annual accounts and decide on the annual budget, the annual report, the strategic plan and the management plan, including the annual priorities of the Data Protection Authority;
  • To determine the evaluation indicators concerning the implementation of the annual report, the strategic plan and the management plan;
  • To decide on the organisation and composition of the Data Protection Authority, including the internal mobility of the staff between the bodies;
  • To decide on the identity document model (inspections)

The General Affairs Secretariat

Headed by David Stevens, its responsibilities are:

  • To manage questions relating to human resources, the budget and the IT of the DPA;
  • To manage any legal matter relating to the management and operation of the DPA;
  • To manage internal and external communication.
  • To monitor the social, economic and technological developments that have an impact on the protection of personal data;
  • To give advice as part of the consultation by the controller responsible for the processing conducted by the DPA;
  • To approve codes of conduct;
  • To promote the introduction of certification mechanisms and approve certification criteria;
  • To draw up and publish the criteria for the accreditation of a body for the supervision of codes of conduct on the basis of Article 41 of Regulation 2016/679 and of a certification body on the basis of Article 43 of Regulation 2016/679;
  • To ensure the accreditation of a body for the supervision of codes of conduct on the basis of Article 41 of Regulation 2016/679;
  • To approve the standard contractual clauses and the binding corporate rules.

The Front Office

Headed by Charlotte Dereppe, its responsibilities are:

  • To receive the complaints and submissions sent to the DPA;
  • To initiate mediation procedures;
  • To promote data protection among the public, with a specific focus on minors;
  • To promote awareness among controllers and processors with regard to their obligations;
  • To provide the data subject with information regarding the exercising of their rights.

The Knowledge Centre

Headed by Alexandra Jaspar, the Knowledge Centre shall issue, either on its own initiative or upon request:

  • Opinions concerning any matter relating to the processing of personal data;
  • Recommendations relating to social, economical and technological developments that can impact on the processing of personal data.

The Inspection Service

Headed by Peter Van den Eynde, the Inspection Service is the investigating body of the Data Protection Authority.

The inspection service is assisted by a secretariat in the performance of its duties.

The Litigation Chamber

Headed by Hielke Hijmans, the Litigation Chamber is the administrative disputes body of the Data Protection Authority.

In performing its duties, the Dispute Chamber is assisted by a secretariat, which will also ensure the Registry’s duties.

Procedural Information

Applicable Procedural Law

Law of 3 December 2017 creating the Data Protection Authority (published in the Belgian Official Gazette of 10 January 2018) (Version in French) (Version in Dutch)

The internal regulations as approved by the Belgian Chamber of Representatives on 20 December 2018 and published in the Belgian Official Gazette on 15 January 2019 (Version in French) (Version in Dutch)

Complaints Procedure under Art 77 GDPR

You can help us filling this section!

Ex Officio Procedures under Art 57 GDPR

You can help us filling this section!

Appeals

You can help us filling this section!

Decisions database

For decisions given in French

For decisions given in Dutch

If you want to have a complete overview of the decisions given by the Belgian Data Protection Authority, you will have to do a research for/under the decisions given in French and also a research for/under the decisions given in Dutch. Indeed, unfortunately, the search tool of the Belgian Authority doesn't give full and complete results if you do your research only in one language.

Practical Information

The DPA provides an online form to submit a complaint:

The complaint can be sent by email to contact@apd-gba.be

The Belgian Authority sometimes publishes reports or documentation that can be useful for the companies in their compliance work.

On 1 October 2020, it publishes a small report helping the SME's to implement correctly GDPR: Report in French and Report in Dutch.

On 17 January 2020, the Belgian Authority publishes a Report regarding the personal data processing activities in the context of the direct marketing: Report in French and Report in Dutch.

Statistics

The annual report of the DPA for 2019 can be consulted at: https://www.autoriteprotectiondonnees.be/publications/rapport-annuel-2019.pdf (FR) and at https://www.gegevensbeschermingsautoriteit.be/publications/jaarverslag-2019.pdf (NL).

The annual report of the DPA for 2018 can be consulted at: https://www.autoriteprotectiondonnees.be/jaarverslag-rapport-annuel/fr/index.html

These reports include an overview of the activities of the DPA and statistics relating to opinions and recommendation published, to reported personal data breaches, to DPO registration and complaints handled.

EU/EEA/UK Data Protection Authorities
Austria · Belgium · Bulgaria · Croatia · Cyprus · Czech Republic · Denmark · Estonia · Finland (Åland) · France · Germany (Baden-Württemberg · Bavaria, private sector · Bavaria, public sector · Berlin · Brandenburg · Bremen · Hamburg · Hesse · Lower Saxony · Mecklenburg-Vorpommern · North Rhine-Westphalia · Rhineland-Palatinate · Saarland · Saxony · Saxony-Anhalt · Schleswig-Holstein · Thuringia ) · Greece · Hungary · Ireland · Italy · Latvia · Lithuania · Luxembourg · Malta · Netherlands · Poland · Portugal · Romania · Slovakia · Slovenia · Spain (Basque Country · Catalonia · AndalusiaSweden
Iceland · Liechtenstein · Norway · United Kingdom EDPS · EDPB