pe3check - stock.adobe.com
“For many, the focus is on compliance challenges and on the huge fines for non-compliance,” he told EEMA’s ISSE 2017 conference in Brussels.
But in reality, said De Backer, the GDPR is an expansion of the ability to manage the use of data, and one of Belgium’s key aims in implementing the regulation is to create a level playing field between the public and private sectors to enable data exchange.
Belgium’s approach is that the public sector should comply with the highest standards of data protection because government is often dealing with a lot of sensitive data, such as health data, social security payments and pension payments.
“The GDPR is also about enabling companies to know what data they have, securing that data, and managing that data effectively to enable them to identify new business opportunities,” he said.
According to De Backer, the GDPR is effectively creating a global standard for data protection, and is therefore an opportunity for European businesses to offer products and services worldwide that comply with this standard.
This, in turn, enables trust between organisations and their customers, which he said is essential to doing business online and will be important to most businesses well into the future.
With this in mind, De Backer said that Belgium, which was one of the first countries to put privacy into the portfolio of a government minister, is seeking to implement the GDPR in “the best possible way” and is currently finalising a complete reform of the country’s national data protection authority (DPA).
“We now have a much more modern, up-to-date, stronger, clearer and more transparent DPA, with one part focused on providing prevention guidelines and legal certainty, and another part providing a sanctioning mechanism,” he said.
Belgium’s new DPA includes a knowledge centre, which is aimed at ensuring organisations keeps up to date with new developments and technologies in the privacy arena, such as artificial intelligence, inspection services for compliance audits, a litigation chamber for applying sanctions, and an advisory chamber that advises on new laws.
“The new DPA will provide guidelines for businesses and create legal certainty, which is crucial for companies to take a step forward in terms of GDPR compliance,” said De Backer.
Another step that Belgium has taken around implementing the GDPR is to write the sanctioning mechanisms into law for increased clarity and transparency.
The process is detailed from complaints through to audits, inspections and potential outcomes, such as warnings and guidance, or sanctions where necessary.
Belgium is currently transposing into law the data protection directive for law enforcement and considering whether the DPA or a separate authority should oversee it.
“We also want to provide exemptions when it comes to archiving statistics, and for scientific research we really want to be very broad and very open so that innovation can continue to happen, even under the GDPR,” said De Backer.