The Belgian DPA (hereafter referred as CPP, to reflect its official name, Commission for the Protection of Privacy) has issued GDPR-preparation recommendations in the form of 13 guidelines for companies processing personal data. The English-language summary below is taken from a law-firm website (link) (the originals were issued in French (link) and Dutch (link) only).
The good news is that the CPP has now set some priorities, giving data controllers and processors an idea of what the auditors will be looking for in the early days after the GDPR’s effective date. The bad news, at least as I see it, is not only is the guidance mostly vague, but also that there seems to be an embedded assumption that all of this is feasible within a short time frame. Continue reading “Belgian DPA recommends taking 13 steps now”