Companies in Belgium could face dawn raids over privacy breaches

17 January 2018 12:18pm
Belgium Flag

12 January 2018. By Magnus Franklin.

Companies in Belgium suspected of data breaches or privacy breaches could face dawn raids from officials, under new powers for the country's bolstered data-protection authority.

The new powers are enshrined in a new law, adopted on Dec. 3, and published in the Belgian official journal this week.

The new authority for the protection of data will have six branches, one of which is an inspection unit.

This unit will be able to launch investigations on its own initiative, or when the management committee of the regulator has credible reasons to believe that a privacy violation is being committed, or where the authority's dispute-resolution chamber believes an on-site inspection is necessary to evaluate a complaint.

Raids can also be carried out as part of an international cooperation among privacy authorities, the law states.

Officials from the regulator will have the power to enter company premises at any moment, except in the case of organizations covered by professional-secrets rules or otherwise covered by laws limiting inspection powers. They will also be restricted from entering homes. In either case, a judge must approve the inspection, or the organization under investigation must agree to have officials enter the premises unsupervised.

Inspectors will also have the right to enter information systems and take copies of information in such systems, after approval by a judge. In the event that taking copies is not practical, agency officials can remove the devices they want to inspect, and people implicated in an inspection have the obligation to provide the necessary details for regulators to enter such information systems.

Inspectors will also have the power to test security systems, and put information systems or other necessary material under seal for a period of 72 hours.

The new General Data Protection Regulation in the EU, which will come into force on May 25, requires organizations handling personal data to put in place robust safeguards to guarantee the privacy of people in Europe. The rules are coupled with fines of up to 4 percent of worldwide turnover.

The new Belgian data-protection authority will replace the current commission for the protection of private life, whose mandate will end on May 24.

Countdown to the GDPR