GDPR: some organisations may need a new DPO according to the Belgian Data Protection Authority

Through recent decisions, the Litigation Chamber of the Belgian Data Protection Authority (BDPA) has examined the role of the Data Protection Officer (DPO), the appointment of which is compulsory for several undertakings and organisations. The BDPA has set out its own interpretation of the requirements for this role, as well as the DPO’s tasks.

In each case, the Litigation Chamber concluded – in a manner that may lead to controversy – that the (internal and external) DPOs appointed did not meet the requirements of the GDPR. The deadline for filing an appeal is still running in relation to these decisions, but it is already useful to look at the Litigation Chamber’s position on this topic.

It remains to be seen what position the Luxembourg data protection authority will take on the position of the DPO. CNPD guidance on the role of the DPO can be expected in the coming months as the CNPD has investigated +/- 20 undertakings and organisations in 2019 and has indicated that it would publish some guidance on the obligation to appoint a DPO and the functioning of the latter.

Click here to read the full article

Source: Agefi - May 2020

Related articles

Counting down to DORA – governance of ICT risks and board member responsibility

ICT services: comparison of the ESMA and EBA outsourcing guidelines and DORA

DMA countdown - Perhaps the most important milestone: gatekeepers must ensure compliance

NautaDutilh IP team maintains strong standing in WTR 1000 2024

Counting down to DORA – Mapping and classification of ICT services

Privacy & data in the Benelux: five things you need to know in 2024

Benelux Competition Law in 2024: five things you need to know

Technology and the law in 2024: five things you need to know

Counting down to DORA – three key aspects

Strict liability regime in case of enforcement of invalid IP rights can be 'appropriate'

EU AI Act: three key insights on the world's first comprehensive AI law

The Chambers Technology & Outsourcing guide 2023

The Foreign Direct Investment Regimes Guide 2024

Life Sciences challenges and opportunities in Europe and the USA: key insights

Luxembourg FDI screening mechanism enters into force

A new era in patent litigation: five things to know about the start of the UPC

Update Luxembourg law on business licenses: three key insights

Third parties can intervene in BDPA proceedings and appeal its decisions

The law on the use of digital tools and processes in company law in force in Luxembourg

The competition dynamics in relation to cloud services

NautaDutilh assists founding shareholders of Route Mobile in selling majority stake to Proximus

Green light for EU-US Data Privacy Framework: a new era for transatlantic data flows

NautaDutilh named Benelux Trademark Firm of the Year at the 2023 Managing IP Awards

The law on the use of digital tools and processes in company law

Luxembourg: introduction of national FDI screening mechanism

Anke Holtland appointed to counsel Public Law

Upcoming EU legislation on artificial intelligence

NautaDutilh Luxembourg ranked in Chambers FinTech 2023

Best practices for drafting and updating data protection notices

EU Foreign Subsidies Regulation (FSR): five things you need to know

The EDPB provides for further guidance on the use of cloud solutions in line with the GDPR

Benelux Competition Law in 2023: five things you need to know

Dutch DPA letter to the government on PNR: enforcement threatens again with focus on proportionality

Data Protection in Belgium: the 2023 focus of the BDPA

The end-user and its avatar - data integrity risks and ethical challenges in the metaverse - Part one

NautaDutilh contributes to IAPP's Global Legislative Predictions 2023

Online platforms and search engines to publish average monthly active recipients (AMARs) in EU by 17 February 2023

Benelux Technology Law in 2023: five things you need to know

CJEU decision extending the scope of article 5(1) of the Damages Directive

UPC update: extension Sunrise Period, judicial appointments and more

GDPR & AML: no longer public access to UBO data without legitimate interest

A low degree of similarity?

No longer public access to UBO data without legitimate interest

DORA: the forthcoming EU legal framework on Digital Operational Resilience in the financial sector

Vincent Wellens on FATCA in the Paperjam

DORA the EU Regulation

NautaDutilh contributes to Technology Disputes Guide by Lexology

The Unified Patent Court: five things you need to know

Privacy and security concerns in the metaverse

Paying a tribute is not dishonest

VoetbalTV: Administrative fine permanently annulled without judgement on the 'pure commercial interest'

Luxembourg first member state to launch a certification mechanism under the GDPR

European Data Protection Board harmonises EU fining guidelines

New GDPR guidelines on fines on the way

Data protection impact assessments new EDPS recommendations

Heavy fines for Belgian airports for using thermal imaging cameras – what are the lessons for the other controllers?

Revamped CSSF outsourcing guidance for the financial sector

20 years of NautaDutilh Luxembourg

Public procurement in 2022: five things you need to know

NautaDutilh's Benelux IP-team stands out in WTR1000 2022

Our privacy experts Vincent Wellens and Yoann Le Bihan contribute to the IAPP’s Global Legislative Predictions 2022

Benelux Data Law: five things you need to know in 2023

Luxembourg IP & Technology Law: five things you need to know

Data Protection notices after the Whatsapp case: what's the message?

NautaDutilh Luxembourg ranked in Chambers FinTech 2022

The record fine for the Dutch Tax Administration from a legal perspective

Prohibition of online advertising in a list of e-mails or messages: a misstep by the CJEU?

Why all companies should care about the UN's cybersecurity & software update regulations: Lessons for all sectors

New rules on material IT outsourcing in the financial sector

NautaDutilh contributes to Technology Disputes Guide by Lexology

NautaDutilh assists SoftBank Vision Fund 2 with its Series C investment in Dutch scale-up SendCloud

NautaDutilh contributes to digitalization series by EACCNY

Long-awaited clarity on required safeguards for international data transfers

NautaDutilh's IP & Tech Law team recognised by Leaders League

Belgian DPA: fines prohibited in the absence of a prior order to comply?

The CNPD Publishes Several Decisions Following Investigations

Europe proposes first-ever statutory framework for AI

Insufficient cybersecurity measures under GDPR: 100k EUR fine in Belgium & key fines elsewhere

Regulatory changes in the audiovisual media sector