In a decision of 29 July that it published today, the Litigation Chamber of the Belgian Data Protection Authority (BDPA) examined the issue of who is controller in the case of an external auditor, as well as the limits to data subjects' rights to obtain a copy of personal data relating to them.

The case revolved around a request by a doctor, head of a radiology service in a hospital, to gain access to an audit report and specifically sections that related to her individually. The audit was carried out at the request of the hospital in question by an external expert.

Read here the analysis and comments by the NautaDutilh data protection team.

Related articles

Cookie notification

This functionality uses third-party cookies. Change your cookie preferences to view this content or view more information.
These cookies ensure that the website works properly. These cookies cannot be disabled.
These cookies can be placed by third parties, such as YouTube or Vimeo.
By deactivating categories, it is possible that related functionalities within the website may no longer work properly. It is always possible to change your preferences at a later time. View more information.