As a first step in Belgium’s privacy reform, a new law was published today setting up a Belgian Data Protection Authority (replacing the current Belgian Privacy Commission) in anticipation of the future applicability of the General Data Protection Regulation (GDPR). With this law, the Belgian Data Protection Authority acquires substantial investigative and judiciary powers, as well as new bodies which will be able to impose the sanctions introduced under the GDPR.
While the GDPR will provide for a greater degree of harmonization than the current regime , there are approximately 50 possibilities for Member States exceptions, additional requirements or specifications to the GDPR (e.g. in terms of processing of HR data, minimum age of children for consent, situations where a DPO is mandatory). These will be the subject of a separate piece of legislation, for which no draft is currently available.