2. 1. Kind reminder
Your main to do’s under GDPR
Impact / Risk Assessment
Action plan with “appropriate” measures
Data Processing Agreements + possibly Data Export Agreements
Data register
Information duties
Data Protection Officer
3. 2. What happened since May 2018?
National Data Protection Laws to “implement” GDPR (in Belgium last September 2018)
Data Protection Authority was launched (Gegevensbeschermingsautoriteit)
First spontaneous information requests by Belgian DPA
First background checks of DPO’s in the Netherlands
First fines in Germany, England, Spain, France
Belgium…?
4. 2. What happened since May 2018?
In our practice
A number of data breaches (also with clients in the travel industry)
Discussions on the content of Data Processing Agreements
Data Protection Impact Assessments on new apps, new processing activities
Start of DPO missions
Phishing expeditions (often initiating in Germany)
Consumer protection organisations investigations (Test-Aankoop)
5. 3. Misconceptions, questions and attention points...
Do I need a DPO? Can I still buy data? Can I still exchange data with partners?...
4 basic questions to answer all questions...
DO I have a legal ground?
Did I inform the data subjects?
Is the data stored and processed safely?
Is an activity “proportional” (data minimisation, purpose limitation, limited retention time, …)?
Attention point
Data breaches and how to (re)act
Data export limitations
Respecting information obligations (and avoiding unnecessary complaints)
“Saving” your existing database
6. 4. We’re not home yet…: ePrivacy Regulation
Another Regulation on privacy? Yes...
Number of problems not solved in GDPR
Timing: “probably somewhere in 2020” is the latest guess
will complement GDPR with a number of practical matters
7. 4. We’re not home yet…: ePrivacy Regulation
Review and simplification of cookie rules
Review and simplification of direct marketing rules
Stricter rules for telemarketing
Stricter rules on privacy protection of electronic communication
8. Helping hand
Code of Conduct
= “ethical code” of associations
Contain rules on how to handle data for their members
Can be approved by authorities
Association has to provide control/supervision
Advantage: once approved can create presumption of compliance with series of
obligations for association members
VEF …?
9. Media & advertising law
IP law
Internet & e-commerce
Privacy & data protection
Gambling law
Travel & consumer protection
Commercial & contracts
Corporate - tax - labour - real estate
bart@siriuslegal.be
www.siriuslegal.be
@BartVdBrande
Linkedin.com/in/bartvdb