With the emergence of Facebook, Instagram, and other online platforms that collect a wealth of personal data, along with the widespread use of cold mailing by telesales companies, there has been a lot of talk about protecting personal data.
The European Commission wants to curb the existing abuses with the implementation of the General Data Protection Regulation – AVG – which came into effect on 25 May 2018. This legislation aims to better protect citizens and creates a number of obligations for government agencies and companies.
Little distinction is made here according to the size or type of entity. As soon as you keep a file with personal data (right holder, customers, staff, suppliers, etc.), these are affected by these regulations. The impact of the GDPR is not always realized.
The General Data Protection Regulation (GDPR) – “General Data Protection Regulation” , in full de Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC .
This European Regulation entered into force on 24 May 2016. The regulation provided for a transition period of two years, so that the new rules came into effect on 25 May 2018. But in 2020, these rules are more NOT followed, especially by website builders and owners.
In contrast to the previous European legislation, this is a regulation: this means that the new rules are directly applicable in all Member States. Unlike a directive, the GDPR does not therefore need to be transposed into Belgian law.
The AVG brings a number of changes to certain federal and Flemish regulations:
On what basis can you lawfully process personal data?
PLEASE NOTE: Government agencies can NOT invoke “legitimate interest” in the performance of their duties.
The GDPR provides that both processors and controllers must comply with a number of principles when processing personal data.
Data processing must:
In addition, the GDPR provides for an accountability obligation . The accountability obligation means that, unlike in current privacy legislation, the processor must be able to demonstrate on what basis the processing took place. The burden of proof is reversed in the GDPR. So it is important to document agreements, permissions and the like.
Rights of data subject:
Is your website in order? Failure to do so can result in very high fines. the GBA can also have your website taken offline by DNS Belgium in case of violations of the GDPR.
If in doubt, you can request a GDPR scan. We will screen your website and/or other web solutions.