The Data Protection Authority (DPA) is in charge of the enforcement of the General Data Protection Regulation (GDPR) in Belgium. As an administrative court, it has very broad investigative powers and can, among other things, impose fines in case of infringement, or even order the suspension or prohibition of data processing by a given entity (mainly companies).
Although inadequately funded and generally understaffed, the DPA nevertheless regularlyissues decisions on the processing of personal data by companies of all sizes.
The DPA detailed its priorities in a press release related to its funding request of November15th 2022 and thus warned the business community of its major focus points for theupcoming year.
The issue of cookies, which are present throughout the internet and are essential to thesmooth running of a digital economy, will be an important focus for 2023.
It will be closely monitored, as the approach to this issue has not yet been harmonized at aEuropean level. Both the action of the Belgian DPA and that of other more importantauthorities (including the French CNIL) will be closely monitored.
The role of Data Protection Officers (DPOs) will also be at the centre of the DPA's activities in the upcoming year. The DPO is indeed the DPA's ally in proceedings involving Data controllers and processors. The DPA will ensure that the DPO’s role is preserved by looking at their actual situation within the monitored undertakings.
In addition to these two key topics, the DPA also announces that it intends to take an interest in data processing related to Smart Cities, with aim at promoting prevention and dialogue. As Smart Cities remain a broad concept, this issue will likely be of interest to many stakeholders, institutional or not.
Another sensitive and recurring topic is that of data brokers, who specialize in collectingdata and reselling it, sometimes on a very large scale.
Finally, the priorities of the DPA do not exempt undertakings from complying with the rest ofthe Regulation. This will be the case both in terms of cybersecurity and international datatransfers.
In this respect, the entry into force of the Commission's new standard contractual clauses onDecember 27th should be kept in mind.
It is never too late to adapt if you have not already done so, or to run an audit of yourcontractual environment, as the cost of compliance never exceeds the consequences of alack thereof.