On November 23, 2018, the Belgian Data Protection Authority (the “Belgian DPA”) published a review of its activities since the EU General Data Protection Regulation (“GDPR”) became applicable on May 25, 2018 (the “Review”). The Review is available in French and in Dutch.

In the Review, the Belgian DPA makes the following observations:

The GDPR in Numbers
Since the GDPR became applicable, 317 data breaches were reported to the Belgian DPA. The majority of data breach notifications came from the following sectors: (i) health care, (ii) insurance, (iii) public institutions and defense, (iv) telecommunications and postal services, and (v) financial services.

In addition, since May 2018, 3,599 requests for information, 148 complaints, and 137 advisory files have been filed. Furthermore, 3,540 data protection officer appointment notifications have been filed with the Belgian DPA.

The Composition of the Belgian DPA
In the Review, the Belgian DPA looks at the impact of the GDPR on the composition of the old Belgian Privacy Commission. Among other changes, the Executive Committee was enlarged and an Investigation Service and a Litigation Chamber were created; however, members of the Executive Committee, the Knowledge Centre and the Litigation Chamber have not yet been appointed.

Controls and Sanctions
The Belgian DPA notes that it has launched its first investigations, but that no files have been transferred to the Litigation Chamber to date.

Opinions and Support
The Belgian DPA plans to continue its efforts to advise and provide guidance to both professionals and citizens regarding their new rights and obligations under the GDPR. In that context, the Belgian DPA published (or will shortly publish) several interviews and informational videos on its website (in French and in Dutch) on the GDPR and, in particular, on data subject rights and consent to data processing.