- IP - Data Protection Law
- Ann Vranken
- privacy , Data Protection Authority , Information Security Committee , controller , processor
Recently, and in addition to the new Belgian privacy law, the law establishing the Information Security Committee has also been published in the Belgian Official Gazette. This is the next step Belgium is taking in the context of the implementation of privacy legislation after the law establishing the DPA (Data Protection Authority).
The new privacy law definitively abolishes the 1992 privacy law and further implements certain aspects of the GDPR.
The law regulates the processing of personal data by controllers or processors :
The law regulates among others the following :
The controller or the processor is required to establish a list of categories of persons who have access to the processing operations that are considered necessary for important public interest reasons, to genetic, biometric, or health and safety data, or data on criminal convictions and infringements and related security measures. This list must be kept at the disposal of the Data Protection Authority (PDA). They must also ensure that the designated persons are required to observe the confidentiality of these data.
The law provides for a number of administrative and criminal penalties.
This body was created inter alia to compensate for the abolition of the sectorial committees of the former privacy commission.
The Information Security Committee consists of a social security chamber and a federal authority chamber and is composed of 8 effective members meeting certain competencies, appointed by the Parliament.
Among other things, the committee's task will be to check preventively whether the communication of personal data within the federal government, via the Crossroads Bank for Social Security or of health data, complies with the basic principles of the GDPR and to grant deliberations on this subject.
These deliberations have a general binding scope between the parties and towards third parties and may not conflict with superior legal norms.
The DPA (Data Protection Authority) can test these deliberations with higher legal norms and may ask the Information Security Committee to reconsider, for the future only, a deliberation on the points it has made.