The Belgian Data Protection Authority Appoints First Commissioner and Directors

On 29 March 2019, the Belgian House of Representatives appointed a new Data Protection Commissioner and four directors to the executive committee of the Belgian Data Protection Authority (‘DPA’).

These are the first appointments to be made to the DPA since it replaced the previous Belgian Privacy Commission in anticipation of the EU GDPR. This is therefore the first time that executive roles have been officially filled in the context of the regulator’s expanded competence – including the DPA’s new power to impose administrative fines of up to €20,000,000 EUR or 4 percent of an undertaking’s worldwide annual revenues for certain infringements of the EU GDPR.

The executive committee sets the strategic goals, the management agenda and the annual priorities of the DPA. Companies can therefore hope to gain a greater understanding of the DPA’s enforcement priorities in the months and years ahead.  In particular, the regulator has stated that it will publish information about its ‘vision and mission’ once its strategic plan has been drawn up.  Details of enforcement action against companies established or operating in Belgium may also begin to emerge in the not-too-distant future.

The appointees

The new Commissioner is named as Dr. David Stevens, who previously acted as the EU Data Protection Officer of a large multinational and who has a mix of academic, in-house and private practice experience.

The other appointees are as follows:

  • Director of the Knowledge Center – Alexandra Jaspar
  • Director of the Front Office – Charlotte Dereppe
  • Inspector General – Peter Van den Eynde
  • President of the Litigation Chamber – Hielke Hijmans

Commentators have praised the diversity of the appointees’ professional backgrounds.

The DPA’s activities to date

Since the entry into force of the EU GDPR on 25 May 2018, the previous members of the Belgian Privacy Commission have been carrying out the executive committee’s roles, but on an interim basis. It is perhaps for this reason that enforcement activity and the publication of new guidance by the DPA has been more limited when compared to other Supervisory Authorities such as the UK’s ICO and the French CNIL.

Nevertheless the DPA confirmed in a publication dated 23 November 2018 that the lack of a newly appointed executive committee has not prevented the DPA’s inspection and sanctions bodies from being fully operational, and that its first regulatory inspections have already commenced.