Key topics covered in the guidance note include:

  1. Laws and regulations: summary of Belgian legislation and the roles of key supervisory authorities, including the Belgian Data Protection Authority (DPA) and Vlaamse Toezichtscommissie (VTC).
  2. Definitions: essential terms such as data controller, processor, data subject, personal data, and sensitive data, with references to Belgian law and GDPR.
  3. Privacy impact assessment requirements: main legal obligations, triggers, exemptions, and publication practices.
  4. Risk management: Criteria for risk assessment, mitigation, and handling residual risks, with practical tools and recommendations.
  5. Documentation: Required content, format, retention, and best practices for PIA records.
  6. Consultation: Guidance on engaging with authorities, data protection officers, and third parties, including when to consult data subjects.
  7. Enforcement: Overview of liability, penalties, and enforcement for non-compliance.

For questions about this publication or to learn how our team can assist with Privacy Impact Assessments and other data protection matters, reach out to one of our experts below.