2. • ° 2008: Monitor the transfer of personal data by Flemish
government entities
• ° 2018 : Supervising data protection authority (DPA) for
the Flemish public sector
o (local) Government,
• Our tasks are described in art. 57 and 58 of the GDPR
o Advice, monitor, complaints, standardisation, promote awareness, report data leaks, etc.
• Belgian situation
o Flemish VTC & Federal DPA
• More info :
o https://overheid.vlaanderen.be/vlaamse-toezichtcommissie
Vlaamse Toezichtcommissie
QUID VTC ?
3. Who am I ?
• Jan Guldentops (°1973)
o I have been building server, network and other ICT infrastructure for > 25 years
o Founder of Better Access (°1996) and BA (°2003)
o Open Source Fundamentalist (after hours)
o Strong practical background in the field of security and privacy
• Security “expert” by accident
o Documented the security problems of the first Belgian Internet bank (Beroepskrediet / Belgium Online)
o Right hand of big brother
o “Certified” Data Protection Officer
o Do a lot of R&D and testing (security, infrastructure, performance)
o Backup member of the VTC board
4. GDPR – one year
• The run-up to May 2018 almost felt like it was 1999
(Y2K) all over again.
• That mix of real concern, panic, smooth sales,
apocalyptic thinking, not understanding …
• Lots of products, consultancy, privacy-washing,
etc.
• We didn’t explain the why enough
o Why is the protection of personal data so important? The situation has
relaxed, companies and organizations.
5. Howto GDPR ?
• A combination of hard work, common
sense, following policies and not
reinventing the wheel
• We see a lot of shortcuts and easy ways out
9. Smart use of technology:
encryption
10. Is personal data more secure now?
• Did the extra attention on documentation,
procedures and inventories diminish the real
work on security?
• Did it mean we put less time in the real security
work ?
o Security plan ?
o Real technical audits ?
o Etc.
• There is more than personal data to consider :
o PCI DSS
o Other regulatory rules
11. A couple of examples
13. Standstill ?
• Are we at a standstill ?
• Belgian DPAs took some time to get organized.
• Commercial companies complain that they are
not doing a lot of business
• Not a lot of complaints / rights enforced by
citizens
14. Important mission
• Teach our citizens to enforce their rights
o The right to be informed
o The right of access
o The right to rectification
o The right to erasure
o The right to restrict processing
o The right to data portability
o The right to object
o Rights in relation to automated decision making and profiling.