The General Data Protection Regulation (“GDPR”) applies as from 25 May 2018. In light of the often ambiguous and abstract provisions of the regulation, it is not surprising that many governments and companies struggle with the implementation of the new legislation and have to do their utmost to ensure timely compliance.
In the article « De Algemene Verordening Persoonsgegevens: van theorie naar praktijk - Le Règlement Général sur la Protection des Données: de la théorie à la pratique », recently published in the Belgian Commercial Law Journal (Revue de Droit Commercial belge – Tijdschrift voor Belgisch Handelsrecht) (available here), Karel Janssens and Marion Nuytten touch upon several capita selecta of the GDPR. First, they discuss the data subject's consent as a lawful basis to process personal data. The authors then analyse the new general notification obligation in case of personal data breaches, and they focus on the position and role of data protection officers. The authors conclude with an overview of the new Belgian Data Protection Authority.