Ensure at all times that your data processor implements appropriate technical and organizational measures; otherwise, you might be fined!

On 18 July 2017, the French Data Protection Authority (CNIL) imposed a fine of €40,000 on a rental car company for negligence. The latter did not sufficiently monitor the activities of its data processor. What happened? Personal data of tens of thousands of members of its loyalty program (e.g. email addresses and driving license numbers) gathered …

The evidentiary value of an employee's personal emails

In a judgment of 9 September 2016, the Dutch-speaking Labour Court of Brussels ruled, in the context of a dismissal for serious cause, on the evidentiary value of personal emails found in an employee's professional mailbox. Facts. In the case at hand, the employee, a ‘recruitment consultant’, had informed his employer that he …

For your (privacy) records: who, what and how?

On 14 June 2017, the Belgian Privacy Commission published a recommendation (06/2017) on the records of processing activities by data controllers and processors, when required to do so under Article 30 of the GDPR (the “Recommendation”). As a reminder, the obligation to maintain – and update – a record containing the processing activities (such as …

Processing employee data in the digital era must be done properly

On 8 June 2017, the Article 29 Working Party, the independent EU advisory body on data protection and privacy, published an opinion (02/2017) on data processing at work (the “Opinion”). The upcoming entry into force of the GDPR has been taken into account and reference is also made to its opinion 8/2001 on the processing …

Would my CISO be my DPO?

On 24 May 2017, the Belgian Privacy Commission published a recommendation (04/2017) on the designation of a Data Protection Officer (DPO) by public and private entities when required to do so under the General Data Protection Regulation (GDPR), especially as regards the combination of duties, such as Chief Information Security Officer (CISO) (the “Recommendation”). As …

How long must I keep my documents?

There is no ready-made answer, since different time limits may apply. In reality, it depends above all on the nature of these documents and on the use one wishes to make of them. For example, the Companies Code (Code des sociétés) stipulates that “company books and documents” (for example the register of …

Email marketing: kind reminder of what you need to consider

As a matter of principle, the use of email “for advertising purposes” (i.e. “any communication with the direct or indirect objective of promoting the sale of products irrespective of the place or means of communication used”) is forbidden without a prior, free, specific and informed consent of the receiver of the email (“opt-in”), pursuant to …

Greater access to public documents for journalists? Not so fast, my friend

Article 32 of the Constitution guarantees public access to administrative documents as a general rule. Among exceptions to that rule is Article 6 (§2) 2° of the Law of 11 April 1994 on the transparency of the public administration (the “Law”) that allows a relevant public authority to refuse access to a document where disclosure would …

When a closed forum on the Darknet is actually a publicly accessible place

On 10 November 2016, the Court of Appeal of Antwerp convicted an individual of illegally selling and exporting medicines, as evidenced by his presence and behavior on a Darknet forum. On 28 March 2017, the Court of Cassation dismissed the appeal lodged by the latter, who argued that the findings collected by the police were …

Privacy and information security management: new guidance released

The Crossroads Bank for Social Security (CBSS) has recently published some rules that, at a minimum, must be adhered to when processing (personal) data within the social security system, as well as related guidelines (e.g. data classification, cloud computing and incident management). Although primarily intended for the social security stakeholders, these provisions may also be of interest to …