You are here:
22 February 2019 / nieuws

List of processing operations requiring a DPIA updated

On 25 September 2018, the European Data Protection Board (EDPB) adopted Opinion 2/2018 on the draft list of the Belgian Data Protection Authority on processing operations for which a data protection impact assessment (DPIA) is required. Following this opinion, the Belgian Data Protection Authority updated its list of DPIA processing operations.

Update of the list of processing operations for which a DPIA is required

Updated DPIA list

The Belgian Data Protection Authority points out that the list (FR/NL) in question is not exhaustive and in no way affects the general obligation of the data controller to carry out a proper risk assessment.

In addition to the cases provided for in Article 35 (3) of the GDPR, a DPIA is in the view of the Belgian regulator always required:

  1. Where the processing involves the use of biometric data for the unique identification of data subjects in a public or private place accessible to the public;
  2. Where personal data are collected from third parties in order to be subsequently taken into account in the decision to refuse or terminate a specific service contract with a natural person;
  3. When health data of a data subject are collected automatically using an active implantable medical device;
  4. When data are collected on a large scale from third parties in order to analyse or predict the economic situation, health, personal preferences or interests, reliability or behaviour, location or movement of natural persons;
  5. Where special categories of personal data within the meaning of Article 9 of the GDPR or data of a very personal nature (such as data on poverty, unemployment, the involvement of youth services or social work, data on domestic and private activities, location data) are systematically exchanged between several controllers;
  6. In case of large-scale processing of data generated by devices with sensors that send data via the Internet or other means (applications of the “Internet of Things”, such as intelligent televisions, intelligent household appliances, connected toys, smart cities, intelligent energy meters, etc.) and where this processing is used to analyse or predict the economic situation, health, personal preferences or interests, reliability or behaviour, location or movement of natural persons;
  7. Where there is a large-scale and/or systematic processing of telephony, Internet or other communication data, metadata or data relating to the location of natural persons or leading to natural persons (e.g. wifi-tracking or the processing of passenger location data in public transport), where the processing is not strictly necessary for a service requested by the person concerned; and
  8. When it comes to large-scale processing of personal data where the conduct of natural persons is observed, collected, established or influenced, including for advertising purposes, in a systematic manner via automated processing.

The fact that a DPIA is required does not entail that a prior consultation with the Data Protection Authority must also take place. Prior consultation will not be required if the risk can be sufficiently limited by appropriate technical and organisational measures.



Belgian Data Protection Authority – again – imposes GDPR fines on public officers

Belgian Data Protection Authority – again – imposes GDPR fines on public officers

The Belgian Data Protection Authority (BDPA) is slowly but steadily becoming more active in enforcing the EU General Data Protection Regulation (GDPR). Just... lees meer
Belgian team collecting the award for 'Best Law Firm of the Year' during the Trends Legal Awards 2019

Loyens & Loeff Belgium wins two awards during Trends Legal Awards

We are delighted to announce that we have won not only the ‘Best Law Firm of the Year’ award, but also the award for 'Best Law Firm in Tax Law' from Trends Legal... lees meer
More clarity on the exemption of wage withholding tax for construction industry

More clarity on the exemption of wage withholding tax for construction industry

Since 1 January 2018 construction companies, that employ shift workers, can benefit from a substantial cut in payroll taxes. Recent legislation clarifies this... lees meer
Stay informed

Don't miss out. Stay up to date about our latest news and events.

Stay informed