En tant qu’employeur, suis-je concerné par le nouveau règlement européen sur la protection des données ?

Absolument, et ce peu importe la taille de votre entreprise. Dès que vous traitez des données à caractère personnel, c’est-à-dire des données qui permettent (in)directement d’identifier une personne physique, par exemple son nom, son numéro de compte bancaire, ses qualifications professionnelles ou les données GPS de son véhicule de fonction, vous êtes tenu de respecter … More En tant qu’employeur, suis-je concerné par le nouveau règlement européen sur la protection des données ?

Monitoring of an employee’s use of the Internet might violate his right to privacy if not properly done!

In its landmark decision of 5 September 2017 (Barbulescu v. Romania, 61496/08), the Grand Chamber of the European Court of Human Rights (ECHR) found that, in the case at stake and notwithstanding their margin of appreciation, the national courts failed to strike a fair balance between the competing interests of an employee’s right to privacy … More Monitoring of an employee’s use of the Internet might violate his right to privacy if not properly done!

Sports clubs, youth organizations, schools,… you are also obliged to comply with the GDPR !

You might think that data protection isn’t relevant to you and is for businesses. But you’d be wrong. Think about the data you do hold which could include members’ names, contact details, financial information,… In less than a year, on 25 May 2018, the EU General Data Protection Regulation (GDPR) will enter into force. There … More Sports clubs, youth organizations, schools,… you are also obliged to comply with the GDPR !

Que deviennent mes données virtuelles à mon décès ?

Ces données constituent le plus souvent des « données à caractère personnel », c’est-à-dire permettant d’identifier (in)directement une personne physique, tels qu’un nom ou un identifiant en ligne. Il suffit de songer aux profils affichés sur les réseaux sociaux ainsi qu’au contenu qui y est habituellement diffusé. Or, les personnes concernées bénéficient d’un certain nombre de droits … More Que deviennent mes données virtuelles à mon décès ?

HR managers: have you started your GDPR journey yet?

In less than 10 months, the EU General Data Protection Regulation (GDPR) will enter into force and, yes, you are part of the journey to compliance. Why ? Because you have access to a wide range of personal data and the GDPR places greater obligations on employers to inform employees how their data will be processed … More HR managers: have you started your GDPR journey yet?

Ensure at all times that your data processor implements appropriate technical and organizational measures; otherwise, you might be fined!

On 18 July 2017, the French Data Protection Authority (CNIL) imposed a fine of €40,000 on a rental car company for negligence. The latter did not sufficiently monitor the activities of its data processor. What happened? Personal data of tens thousands of members of its loyalty program (e.g. email addresses and driving license numbers) gathered … More Ensure at all times that your data processor implements appropriate technical and organizational measures; otherwise, you might be fined!

De bewijswaarde van de persoonlijke mails van een werknemer

In een arrest van 9 september 2016 spreekt het Nederlandstalige Arbeidshof van Brussel zich in het kader van een ontslag om dringende reden uit over de bewijswaarde van persoonlijke e-mails die in de professionele mailbox van een werknemer worden teruggevonden. Feiten In casu had de werknemer, een ‘recruitment consultant’, aan zijn werkgever gemeld dat hij … More De bewijswaarde van de persoonlijke mails van een werknemer

For your (privacy) records: who, what and how?

On 14 June 2017, the Belgian Privacy Commission published a recommendation (06/2017) on the records of processing activities by data controllers and processors, when required to do so under Article 30 of the GDPR (the “Recommendation”). As a reminder, the obligation to maintain – and update – a record containing the processing activities (such as … More For your (privacy) records: who, what and how?

Processing employee data in the digital era must be done properly

On 8 June 2017, the Article 29 Working Party, the independent EU advisory body on data protection and privacy, published an opinion (02/2017) on data processing at work (the “Opinion”). The upcoming entry into force of the GDPR has been taken into account and reference is also made to its opinion 8/2001 on the processing … More Processing employee data in the digital era must be done properly

Would my CISO be my DPO?

On 24 May 2017, the Belgian Privacy Commission published a recommendation (04/2017) on the designation of a Data Protection Officer (DPO) by public and private entities when required to do so under the General Data Protection Regulation (GDPR), especially as regards the combination of duties, such as Chief Information Security Officer (CISO) (the “Recommendation”). As … More Would my CISO be my DPO?