Financial Crime World

Belgium Enacts Tougher Data Protection and Cybersecurity Laws

In a move aimed at bolstering data protection and cybersecurity in the country, Belgium has introduced a raft of new laws that will impact organizations operating within its borders.

Data Protection

The General Data Protection Regulation (GDPR) has been a game-changer for data protection globally. In Belgium, this regulation is enforced through the Law on Electronic Communications and the Law on the Processing of Personal Data. These laws require organizations to implement measures to ensure an appropriate level of security, with Article 32 of the GDPR mandating:

  • Identification of risks specific to the situation
  • Evaluation of potential impact
  • Implementation of measures to mitigate those most likely to occur

Cybersecurity

Belgium has also introduced the Cyber Security Act (CSA), which aligns the country with the NIS Directive. This legislation primarily applies to:

  • Operators of essential services
  • Digital service providers

These organizations are now required to implement suitable and proportionate technical and organizational measures to effectively mitigate risks that may compromise the security of their network and information systems.

Critical Infrastructure

The Protection of Critical Infrastructure (CIA) law has been transposed into Belgian law, extending its reach beyond energy and transportation to encompass:

  • The financial sector
  • Electronic communications

While the CIA lacks specific cybersecurity provisions, it remains applicable to all conceivable risks capable of disrupting or crippling critical infrastructures, including those arising from the cyber realm.

Employee Surveillance

Belgium has also introduced new laws governing employee surveillance, with Article 22 of the Belgian Constitution protecting individuals against:

  • Arbitrary interference in their private life

The GDPR and Electronic Communications Law (ECL) further regulate the use of cameras for surveillance purposes, while collective bargaining agreements have been established to protect employees in relation to the surveillance of electronic online communication data.

Whistleblower Protection

In another significant development, Belgium has introduced the Whistleblower Act, which aims to:

  • Protect reporters of violations of union or national law established within a legal entity in the private sector
  • Encourage responsible and ethical behavior within organizations
  • Ensure that those who speak out against wrongdoing are protected from retaliation

Penalties for Non-Compliance

Finally, it’s worth noting that non-compliance with these new laws can result in significant penalties, including:

  • Administrative sanctions
  • Criminal sanctions

As such, organizations operating in Belgium would be well-advised to familiarize themselves with these regulations and ensure compliance to avoid potential consequences.