BNIX, powered by Belnet, is preparing for the GDPR

Practical roll-out of the measures to comply with the GDPR

GDPR is the abbreviation for the European General Data Protection Regulation, which focuses on the transparency and control of the processing of personal data. As was previously announced, Belnet has taken the necessary precautions to be GDPR-compliant by 25 May 2018.  Various measures are now being simultaneously rolled out at Belnet. In this article, we deal with a few general measures that are aimed at developing Belnet privacy governance, on the one hand, and with a few measures that relate specifically to GDPR-compliance in the contractual relations with our BNIX Participants on the other hand.

General: Belnet privacy governance

In addition to the designation of the Belnet Data Protection Officer (DPO) and the draft of records containing all our personal data processing, we are busily recording the principles of privacy-by-default and privacy-by-design from the very start of our projects. When a project is started, Belnet project managers complete a few questionnaires which are then submitted to the DPO for advice. We ensure that data minimisation, personal data processing risk management, and accountability form the leitmotif through the project management.

We also include the GDPR requirements in public procurement specifications. It is important that our suppliers are also GDPR-compliant, not only in our internal operations but also in providing services to our BNIX Participants.

Compliance with the GDPR is also of prime importance in the other contracts that Belnet concludes, which range from employment contracts to contracts with BNIX Participants.  You will see below what this specifically means for the contracts with our BNIX Participants.

Specifically, processing BNIX Participants’ personal data in contracts

For the purposes of making the processing of BNIX Participants’ personal data GDPR-compliant when providing our services, we will take two specific measures by 25 May 2018:

  • There will be a new appendix to the contract.  The primary purpose of this is to transparently reflect the processing of the personal data of the participant’s contacts as prescribed by the GDPR. This relates to matters such as the purpose of the processing, the transmission of the personal data, and the retention period.
  • In addition where the data subject communicates his or her personal data directly to Belnet, he or she will again be requested to give his or her explicit permission to process such data. This is necessary to be able to comply with the stricter requirements of the GDPR on explicit permission.

New procedures: The data subject’s exercise of his or her rights and the notification obligation in the case of data leaks

The GDPR imposes two new procedures concerning access to personal data and the notification obligation in the case of data leaks. You will be able to find these procedures in the aforementioned documents.

Knowledge sharing and exchange with other DPOs

Do you have any questions on the GDPR at Belnet? Or are you a DPO in a Belnet member organisation and do you want to exchange your experiences with us? Do not hesitate to contact us at dpo@belnet.be.