Since Friday 25 May 2018 , every organization must be able to demonstrate which personal data it collects and how the data is used and secured.

All companies, public authorities, organizations and institutions that process, use, register or store personal data in Europe must comply with this directive.

The focus is on a number of data protection principles , which are also already in the current regulations, but which are reinforced in the new GDPR regulations:

• Lawful, fair and transparent processing of data. Every organization must request permission to collect and use data.
• The data must be correct and updated if necessary. Measures should be taken to correct inaccurate or incomplete data.
• The data must be processed to an adequate level of security by using appropriate technical and organizational measures.
• The personal data is obtained for a specified, explicit and legitimate purpose and may not be processed in a way that is incompatible with this purpose. In large organizations, a DPO (Data Protection Officer) must be appointed to monitor this. This must be someone with good legal knowledge in the field of data protection law, but also in the field of administrative law. In addition, a DPO must also have a good understanding of the processing activities performed, the information systems and the data protection and data security needs of the controller. A specific diploma or certification is not required Google derecho al olvido de españa.
• Only the data that is necessary for the stated purposes may be processed.
• The retention period of the data is limited and clearly defined. The personal data must become inaccessible after the established retention period has expired.

More information about the obligations related to the GDPR((opens in new window))can be found on the website of the Data Protection Authority (former Privacy Commission).

Data protection at the Flemish government

The Flemish government is working on the ‘My citizen profile’ project. In the future, your citizen profile will provide you with an overview of the information that the Flemish government (and by extension other authorities) has about you. If you notice incorrect data or have any questions, you can report them immediately. The reporting functionality allows the government to improve the authentic data.

Each service of the Flemish government must appoint a DPO ( Data Protection Officer ) who can answer questions about how that service processes personal data.