The GDPR regulation has the purpose of protecting the personal data of individuals. From 25 May 2018, it imposes specific obligations for the processing of your staff’s personal data (obligation of information, keeping a register of processing activities, etc.).
For more information, we refer to our recent Infoflash of 6 July .
These rules are directly applicable in all Member States, ensuring uniformity within the different Member States. However, this must be read against the reality:
1. The GDPR regulation leaves considerable discretion to the Member States to individually establish detailed rules in the framework of the employment relationship.
For example, Belgium can impose stricter rules and conditions relating to the performance of the employment contract, the planning and organization of the work, the termination of the employment contract, etc. to protect the personal data of your workers.
To date, the Belgian legislator has not done anything yet for this.
2. Belgium already has a legislation protecting workers against the processing of their personal data:
- Personal data protection Act of 8 December 1992 regarding the processing of personal data;
- Collective bargaining agreement 68 – Camera surveillance;
- Collective bargaining agreement 81 - Monitoring of electronic on-line communication data (use of email, internet, etc.);
- Collective bargaining agreement 89 - theft prevention and exit control.
Must the Belgian privacy regulation be observed after 25 May 2018?
Obligation of notification
For example: if you install cameras in your company to protect your goods against theft, then you are obliged to notify the Privacy Commission of this under the current legislation in order to protect your workers who are filmed too.
In principle, this obligation of notification will be abolished as from 25 May 2018 and will be replaced by the obligation to keep a register of processing operations (Source: FAQ - Privacy Commission 10/2017).
This obligation of notification however is stipulated in the Act of 8 December 1992 on the protection of the workers’ privacy with regard to the processing of personal data. In principle, this Act is liable to changes.
Competences of the Privacy Commission
As from 25 May 2018, the Data Protection Authority (DPA) will be established as a successor to the Privacy Commission. The Data Protection Authority will enforce compliance with the GDPR regulation. To this end, it will be granted strengthened powers.
It will be composed of 6 bodies and will have different powers: inform and advise, investigatory powers, complaint handling, warn and sanction.
As all of this has only recently been laid down in the draft law of 11 August 2017, this is subject to certain conditions and reservations
National collective bargaining agreements on camera surveillance, monitoring the use of email and Internet, body search etc.
If no adjustments will be made in this regard, the employer will not only have to observe the European GDPR regulation, but also the Belgian collective bargaining agreements on privacy in the employment relationship.
In other words, if you, as an employer, have taken all the required measures to comply with the GDPR regulation, but you still have cameras in the company and/or you want to monitor the use of email and internet of your workers … then you will also have to comply with the additional obligations laid down in the above-mentioned national collective bargaining agreements. Please refer to our Infoflashes for more information:
- Camera surveillance: Camerabewaking op het werk: wat zijn de regels?
- Monitoring the use of email and Internet: Monitoring the use of email and Internet access v. the right to privacy: what can the employer do?
- Theft prevention and exit control: Privacy op het werk: mag de baas zijn werknemer fouilleren?
GDPR and the Belgian social legislation - Webinar
We will closely follow the Belgian legislative initiatives with regard to Privacy. As soon as we have a clearer picture of the European and Belgian measures, we are happy to give you a clear overview through a webinar.
We will be sure to keep you informed.
Sources: Act of 8 December 1992 on the protection of the workers’ privacy with regard to the processing of personal data; collective bargaining agreement No. 68 of 16 June1998 on the protection of the workers’ privacy as regards camera surveillance in the workplace; collective bargaining agreement No. 81 of 26 April 2002 on the protection of the workers’ privacy as regards the monitoring of electronic on-line communication data; collective bargaining agreement No. 89 of 30 January 2007 with regard to theft prevention and exit control in the workplace when they leave the company.