On June 2, 2025, the Belgian Data Protection Authority (GBA) will launch a new portal designed to streamline the management of notification and procedural tasks for organizations. As privacy professionals, understanding the operational shift this new platform introduces is vital for maintaining compliance with evolving data protection requirements.
Key Highlights:
– Transition to New Forms: From May 23, 2025, at noon, DPO registration and data breach notifications will no longer be processed through existing e-forms. Instead, dynamic digital forms will be operational from June 2, 2025, to manage DPO cases and report data breaches. This transition is essential for data privacy experts to facilitate accurate reporting and compliance.
– Grace Period for Data Breach Reporting: Recognizing potential disruptions, the GBA has instituted a grace period until June 9, 2025, for reporting data breaches discovered between May 21 and June 6. Privacy professionals should use “unavailability of E-forms” as justification for any delayed notification to ensure compliance.
– Expanded Portal Capabilities: Initially, the portal will support data breach management and DPO case handling. Future expansions throughout 2025 aim to expand access to individuals and introduce additional procedural capabilities, reflecting the growing demand for comprehensive data protection solutions.
– Guidance for Registered DPOs: Responsive to the changes, DPOs registered with the GBA will receive updates via their registered email addresses. It’s imperative to check both inbox and spam folders to ensure receipt. This communication will guide the adjustment of existing DPO registrations within the new portal.
– E-mail and Access Management: Only one email address can be registered per DPO for GBA communication. It’s crucial to update or verify contact information to avoid disruptions. Further, access to the portal will be determined through the Federal Authentication System (FAS), with the role ‘GBA_Documentum_Representative’ being pivotal for authentication.
– Role Assignment for Controllers: Controllers listed in the Crossroads Bank of Enterprises will need to assign the role ‘GBA_Documentum_Representative’ via Mijn eGov role management. This process ensures proper access for individuals managing data protection responsibilities.
This strategic implementation of the new GBA portal is a significant step towards more efficient data governance. Data protection specialists must prepare for this upcoming change by ensuring their systems, processes, and registrations are all aligned and compliant.
Original source link: [https://www.gegevensbeschermingsautoriteit.be/burger/nieuws/2025/05/23/binnenkort-nieuw-gba-portaal-voor-meldingen-en-procedures]