GBA
DATA PROTECTION
AUTHORITY
The Data Protection Authority ensures proper compliance with the GDPR. Below you will find an overview of the different procedures and how we can assist you
What is the Data Protection Authority?
De Data Protection Authority (GBA, also known as the Belgian Personal Data Authority)is the independent Belgian authority that oversees thecorrectcompliance with the basic principles of the protection of personal data contained in, among others, the GDPR, the Camera Act, and the Economic Law Code. In principle, every company must comply with these principles and in the event of infringement is subject to sanctions of up to EUR 20 million or 4% of its worldwide annual turnover, whichever figure is higher.
Each data subject has a number of rights with regard to your company based on the GDPR, and can also take the initiative to exercise these rights.to be enforced by the GBA(Data Protection Authority). This means that your customers, employees, business partners and any other contacts can use the Belgiandata protection authorityto take a closer look at potentially problematic data processing within your company and, if necessary, to have corrective measures taken and sanctions imposed in this regard. Naturally, the data protection authority can also act completely independently, for example if it has doubts about an intended processing (such as the installation of smart cameras on the Belgian coast).
​
What procedures exist for the GBA?
Whether or not at the request of a data subject, has the GBA contacted your company in connection withthe way in which your company handles personal data? Such a contact can be part of various procedures within which the personal data authority exercises its powers, and which take place for its various bodies:
​
Mediation procedure for the First Line Service
​
A data subject can always request the Primary Service of the GBA to mediate in connection with a data protection problem that he/she encounters with regard to your company. The GBA will then try to persuade the person concerned and your company to reach an amicable solution. An unsuccessful mediation can always be converted into a complaint.
​
Inspection by the Inspection Service
​
TheInspection Serviceof the GBA is authorized to investigate potential violations of the GDPR and other privacy regulations. The Inspectorate can do this, among other things, on its own initiative or on the initiative of the DPA Management Committee, if there are serious indications of an infringement. The Inspectorate can also act at the request of the Disputes Chamber (see below), if a complaint submitted by a data subject requires further investigation. The Inspectorate records its findings in an inspection report which, depending on the case, it submits to the competent body of the GBA or an externally competent body (such as the Crown Prosecutor in the case of possible criminal offences) with a view to further processing. In the meantime, it may already impose interim measures under certain conditions. In some cases, dismissal is also possible at this stage.
​
Proceedings on the merits before the Litigation Chamber
​
The Dispute Chamber is the administrative dispute resolution body of theGBA. It takes enforcement action in cases submitted to it on the basis of a complaint from a citizen, following an inspection on its own initiative by the DPA, and in cases submitted to it by supervisory authorities of other EU Member States. Depending on the complexity of the file, the Disputes Chamber will follow either the abridged or a full-fledged procedure.
Proceedings before the Disputes Chamber are very similar to legal proceedings, in which the parties can put forward their arguments by submitting them in writing.In concrete terms, your company will have to put up a defenceagainst the complaint (if there is one) and the findings of the GBA's Inspection Service (only if an inspection has been carried out). After that, another hearing can be held on request, during which the members of the Litigation Chamber will ask various questions about the file and your company's views on certain issues. Subsequently, the Litigation Chamber thoroughly analyzes the file and decides whether or not there are infringements of data protection legislation. In this context, it is authorized to impose administrative fines and other sanctions in addition to corrective measures. However, the following options also include: reprimands, warnings, (partial) dismissal and exclusion from prosecution.
The Litigation Chamber strives to to publish en can choose to include the name of your company in thedecisionwhen there are specific reasons to do so.
When you disagree witha decisionof the Litigation Chamber with regard to your company, your company has a period of 30 days from notification to lodge an appeal with the Brussels Market Court.
How can Mr. Franklin help you?
Today's privacy regulations are complex, are interpreted strictly and, in addition to the GDPR, can be found across a large number of specific legal texts. Theassistancefrom a specialized law firm such as Mr. Franklin is therefore strongly recommended in most cases. By acting as your contact person for the GBA, we can also facilitate smooth cooperation and thus reduce the chances of a (heavy)sanctionminimize, when we assist you in proceedings before the Litigation Chamber.
Your company can rely on the expertise of Mr. Franklin to defend your interests before the relevant bodies of the Data Protection Authority, being the First Line Service, the Inspection Service and the Litigation Chamber. The strategy will differ depending on whether it concerns a mediation attempt or a procedure before the Disputes Chamber, whether or not preceded by an inspection investigation. The proposed approach will also depend on the specific stage your file is in. We can of course also assist you in the context of a possible appeal procedure before the Marktenhof.
When providing our assistance, we are responsible for, among other things:
-
shaping the appropriate strategy into a concrete action plan
-
advising on the relevant processing processes and where useful proposing adjustments to existing processes to avoid repetition in the future
-
taking care of communication with the DPA, the complainant and any other parties involved, and preparing any external/public communications
-
defending your interests by preparing responses and defenses against the DPA and representing your company at any meetings or hearings.
mr. Franklin can always provide you with a non-binding offer for such assistance that is tailored to the nature and complexity of your file. Indeed, the intensity of our assistance will depend to a large extent on the concrete processing operations under discussion within your company and what steps have already been taken in the past with regard to data protection regulations.
Has the DPA contacted your company with questions related to data protection or even immediately with the notification that a procedure has been initiated before the Litigation Chamber? Then contact us without obligation and we will provide feedback with clear information about the possible options and how we can best assist you with a view to an optimal outcome of your file.
​
You can find further information about our services regarding GDPR atthis page find.
​
​
CONTACT USUS
For more information about our services, you can always contact us without obligation.
Oliver Sustronck
​
​
