ASSISTANCE AT 
DATA LEAKS AND
PROCEDURES

Data breach assistance

​

What is a data breach?

​

When a personal data breach has occurred, you must report this within 72 hours to the Data Protection Authority (hereinafter GBA), unless the breach is unlikely to pose a risk to the rights and freedoms of the individuals involved.

 

Such a breach can be caused by malicious intent, such as a hacking of your computer or the theft of a smartphone that you use professionally. But sending an e-mail to the wrong address, losing a USB stick or leaving a file with a customer also constitutes a personal data breach in accordance with Article 33 GDPR.

 

If the breach poses a high risk to the rights and freedoms of the data subject, this person must be notified personally. You must therefore conduct a risk analysis for each incident to determine whether or not the incident constitutes a high risk. And here's where the shoe pinches. What is a sufficient (high) risk?

​

How can Mr. Franklin assist you in this?

​

mr. Franklin is available 24/7 to assist you with the evaluation of your data breach or security incident, the timely and correct notification to the Data Protection Authority (GBA) and the communication to the affected parties.

​

​

What procedures exist for the GBA?

​

Has the GBA contacted your company, whether or not at the request of a data subject, about the way in which your company handles personal data? Such a contact can be part of various procedures in which the GBA has itspowersexercises, and which take place for her various organs:

 

​

Mediation procedure for the First Line Service

 

A data subject can always request the Primary Service of the GBA to mediate in connection with a data protection problem that he/she encounters with regard to your company. The GBA will then try to persuade the person concerned and your company to reach an amicable solution. An unsuccessful mediation can always be converted into a complaint.

 

​

Inspection by the Inspection Service

​

The Inspection Service of the GBA is authorized to investigate potential violations of the GDPR and other privacy regulations. The Inspectorate can do this on its own initiative or on the initiative of the DPA Management Committee, if there are serious indications of an infringement. The Inspectorate can also act at the request of the Disputes Chamber (see below), if a complaint submitted by a data subject requires further investigation. The Inspectorate records its findings in an inspection report which, depending on the case, it submits to the competent body of the GBA or an external competent body (such as the public prosecutor in the case of possible criminal offenses) for further treatment. In the meantime, it may already impose interim measures under certain conditions. In some cases, dismissal is also possible at this stage.  

 

​

Proceedings on the merits before the Litigation Chamber

​

The  Dispute Chamber is the administrative dispute resolution body of the GBA. It takes enforcement action in cases submitted to it on the basis of a complaint from a citizen, following an inspection on its own initiative by the DPA, and in cases submitted to it by supervisory authorities of other EU Member States. Depending on the complexity of the file, the Disputes Chamber will follow either the abridged or a full-fledged procedure.

 

Aprocedurefor the Disputes Chamber is very similar to legal proceedings, in which the parties can put forward their arguments by communicating them in writing. In concrete terms, your company will have to defend against the complaint (if there is one) and the findings of the GBA's Inspection Service (only when ainspection investigationwas performed). After that, another hearing can be held on request, during which the members of the Litigation Chamber will ask various questions about the file and your company's views on certain issues. Subsequently, the Litigation Chamber thoroughly analyzes the file and decides whether or not there are infringements of data protection legislation. In this context, it is authorized to impose administrative fines and other sanctions in addition to corrective measures. However, the following options also include: reprimands, warnings, (partial) dismissal and exclusion from prosecution. 

 

The Disputes Chamber strives to: zas much of her decisions as possiblete to publish en may choose to include your company nameto make knownin the decision when there are specific reasons to do so. 

 

If you do not agree with a decision of the Litigation Chamber with regard to your company, your company has a period of 30 days from notification to appeal to the Brussels Market Court.

​

​

How can Mr. Franklin help you?

 

Today's privacy regulations are complex, are interpreted strictly and, in addition to the GDPR, can be found across a large number of specific legal texts. The assistance of a specialized law firm such as Mr. Franklin is therefore strongly recommended in most cases. By acting as your contact person for the GBA, we can also facilitate smooth cooperation and thus minimize the chances of a (heavy) sanction when we assist you in proceedings before the Disputes Chamber._cc781905-5cde-3194-bb3b -136bad5cf58d_

 

Your company can rely on the expertise of Mr. Franklin to defend your interests before the relevant bodies of the Data Protection Authority, being the First Line Service, the Inspection Service and the Litigation Chamber. The strategy will differ depending on whether it concerns a mediation attempt or a procedure before the Disputes Chamber, whether or not preceded by an inspection investigation. The proposed approach will also depend on the specific stage your file is in. We can of course also assist you in the context of a possible appeal procedure before the Marktenhof.

 

When providing our assistance, we are responsible for, among other things:

 

• shaping the appropriate strategy into a concrete action plan

• advising on the relevant processing processes and where useful proposing adjustments to existing processes to avoid repetition in the future 

• taking care of communication with the DPA, the complainant and any other parties involved, and preparing any external/public communications

• defending your interests by preparing responses and defenses against the DPA and representing your company at any meetings or hearings. 

 

mr. Franklin can always provide you with a non-binding offer for such assistance that is tailored to the nature and complexity of your file. Indeed, the intensity of our assistance will depend to a large extent on the concrete processing operations that are under discussion within your company and what steps have already been taken in the past with regard to data protection regulations. 

 

Has the DPA contacted your company with questions related to data protection or even immediately with the notification that a procedure has been initiated before the Litigation Chamber? Then contact us without obligation and we will provide feedback with clear information about the possible options and how we can best assist you with a view to an optimal outcome of your file. 

​

Further information about our services regarding GDPR can be found at  this page find.

​

​