In the run-up to 25 May 2018, the Belgian Parliament had adopted an Act establishing the new Belgian Data Protection Authority (DPA) as successor of the former Privacy Commission and responsible authority for the enforcement of the GDPR in Belgium.

The DPA is in essence composed of six bodies, among which an Executive Committee, a Knowledge Centre and a Dispute Chamber, whose members were to be appointed by the Belgian legislator.

The candidacies for these positions were formally announced during the plenary meeting of 22 March 2019. It was also announced that, whilst Mr Willem Debeuckelaere (the President of the Belgian Privacy Commission and ‘ad interim’ President of the DPA) had applied for the mandate of the
President of the Dispute Chamber, he later on withdrew his candidacy.

Until yesterday, no members were however formally appointed due to strict language requirements.

For organisational reasons, the Parliament decided yesterday to only vote on the appointment of the members of the Executive Committee of the DPA. The appointment of the other members of the DPA will take place in the coming weeks.

Executive Committee of the Belgian DPA

The Belgian Parliament appointed the following persons as members of the Executive Committee (which are the Directors of the five other bodies):

  • Director of the General Secretariat: David Stevens (Dutch-speaking) 
  • Director of the Knowledge Centre: Alexandra Jaspar (French-speaking) 
  • Director of the Frontline Service: Charlotte Dereppe (French-speaking) 
  • Director of the Inspection body (Inspector-General): Peter Van den Eynde (Dutch-speaking) 
  • President of the Dispute Chamber: Hielke Hijmans (Dutch-speaking)

The members are appointed for a renewable term of six years.

What’s next?

Once the members of the DPA are all officially appointed, the DPA is likely to formally launch GDPR investigations and/or administrative enforcement actions against a number of companies.

It is rumored that such actions have already been thoroughly prepared in the past couple of months, which may result in a first wave of Belgian enforcement actions in the (very?) near future. With two of the Directors listed above having being active as practitioners / DPO’s for many years, we can only hope that the Belgian DPA will take a pragmatic and solution-oriented approach to GDPR enforcement.