Reference texts on data protection
At national level
The Data Protection Authority was established by the Belgian Federal House of respresentatives with the Act of 3 December 2017. This organic law regulates the structure and composition of the Authority. In addition, the General Data Protection Regulation and the Act on the protection of natural persons with regard to the processing of personal data are the most important working instruments of the Authority.
Act of 3 December 2017 establishing the Data Protection AuthorityGeneral Data Protection RegulationAct on the protection of natural persons with regard to the processing of personal data (implementation of Regulation 2016/679)
On 20/12/2018, the Belgian Federal House of Representatives approved the internal rules of procedure and the transitional rules of procedure of the Data Protection Authority
The internal rules of procedure drawn up by the executive committee contain the essential rules concerning the functioning of the bodies and the deadlines within which information, opinions and approvals mentioned in Article 20, § 1 of the Act of 3 December 2017 establishing the Data Protection Authority must be delivered.
In anticipation of the definitive appointment of the members of the executive committee and given the need to guarantee the continuity of the operation of the Data Protection Authority, it has been decided that transitional internal rules of procedure will be adopted until the new executive committee enters into office.
The GDPR also requires an adaptation of the sectoral laws having as legal basis the law of 8 December 1992 for the protection of privacy (Privacy Act). To this end, the Council of Ministers has approved a preliminary draft law establishing an information security committee. Pending the appointment of the members of this information security committee, the Sector Committee of the Social Security and Health and the Sector Committee of the National Register will continue to function temporarily in a limited composition and only with the powers that by virtue of the GDPR do not fall under the competence of the Data Protection Authority.
At European level
At international level
International Standards on the Protection of Personal Data and Privacy adopted in 2009 during the Conference of data protection Data Protection Authorityers in Madrid.
OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data.
ISO standards for the protection of privacy and personal data.
Reference texts on the protection of privacy and personal data adopted by the UN.