Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Belgium: Belgian DPA issues €50,000 fine to organisation for DPO appointment violation

The Belgian Data Protection Authority ('DPA') issued, on 28 April 2020, its decision ('the Decision') whereby it fined an organisation €50,000 for non-compliance with the obligation to cooperate under Article 31 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and for the appointment of the director of a department as the data protection officer ('DPO'), in violation of Article 38(6) of the GDPR. In particular, the Decision outlines that the appointed DPO worked as director of the internal audit, risk management, and compliance departments, which the organisation argued are all advisory in nature. Nevertheless, the Decision highlights that the DPO was insufficiently involved in the discussions of personal data breaches and that the organisation did not have a policy to prevent any conflicts of interest. Therefore, the Decision finds that the function of the DPO cannot be conducted in an independent manner and resulted in conflicts of interest. 

You can read the Decision only available in Dutch here and in French here.

Feedback