Belgium Data Protection Authority annual activity report 2018 published

The Belgian Data Protection Authority (DPA) has published its Annual Report 2018, illustrating the past year’s main achievements and development areas.

The Belgian Privacy Commission became the Belgian DPA on May 25th 2018, as the GDPR came into play. The new body comprises an Executive Committee and five further arms: the Knowledge Centre, the Litigation Chamber, the Investigation Service, the General Secretariat, and the Front Office.

The time period also saw the introduction of two new laws designed to create and reinforce the BDPA’s powers as an entity of investigation and formal sanction.

The total number of files received by the BDPA increased significantly in 2018, against the figures shown for 2017. A total of 7,182 cases were processed by the BDPA (an increase of 46% on 2017). This figure included 6,224 requests for information, 295 requests for mediation, 218 requests for investigation and 445 personal data breach notifications. The Belgian DPA also handled 215 requests for opinion in 2018, up from 90 requests the year before.

Most of all, requests for information related to the GDPR and DSARS (data subject access requests) and related rights, CCTV, direct marketing, notifications and rights to data subjects’ images.

The report observed that data breaches reported to the DPA were generally traceable to human error (28.09%), hacking, phishing and malware (22.70%), theft of materials (12.81%), system failure (10.56%) and incorrect use of access rights (5.17%).

The Annual Report also said that the Belgium DPA was notified of 3,666 data protection officers being elected in 2018.

For 2018, the Belgian DPA focussed on opinions on ID card chips, cooperation with the European Data Protection Board (EDPB) to collaborate on efforts regarding accreditation and certification at the EU level, cross-border codes of conduct, initiatives to raise privacy awareness among young adults and children, and a Facebook lawsuit involving the unlawful collection of cookies.

Join our free-to-attend digital event, Last Thursday in Privacy, addressing data protection, privacy and security challenges including working from home, COVID-19, global regulations and more. Visit

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered.