Key topics covered in the guidance note include:
- Laws and regulations: summary of Belgian legislation and the roles of key supervisory authorities, including the Belgian Data Protection Authority (DPA) and the Vlaamse Toezichtscommissie (VTC).
- Definitions: essential terms such as data controller, processor, data subject, personal data, and sensitive data, with references to Belgian law and GDPR.
- Privacy impact assessment requirements: main legal obligations, triggers, exemptions, and publication practices.
- Risk management: criteria for risk assessment, mitigation, and handling residual risks, with practical tools and recommendations.
- Documentation: required content, format, retention, and best practices for PIA records.
- Consultation: guidance on engaging with authorities, data protection officers, and third parties, including when to consult data subjects.
- Enforcement: overview of liability, penalties, and enforcement for non-compliance.
For questions about this publication or to learn how our team can assist with Privacy Impact Assessments and other data protection matters, reach out to one of our experts below.