Employee Data Privacy

Belgium - GDPR National Laws

 Download as a PDF

GDPR Related National Laws & Modifications

The European Union’s General Data Protection Regulation (GDPR) sets a common standard for protecting personal data across the EU. It also allows member nations some flexibility to create additional provisions and limitations. Some examples, which may impact HR teams, include the ability for EU member states to:

  • provide “specific rules to ensure the protection of…employees’ personal data in the employment context” (Art. 88);
  • limit the transfer of “specific categories of personal data to a third country or international organization” if the country (or international organization) is deemed not to have adequate protections in place (Art. 49, (5)); and,
  • “determine the specific conditions for the processing of a national identification number or any other identifier of general application” (Art. 87).


arrowinsandDerogations in Belgium

Belgium has updated laws to align with the GDPR and has some collective bargaining agreements in place relating to protecting employee’s personal data.

The Law on the protection of natural persons with regard to the processing of personal data (July 2018) sets a few requirements. Under the Law, employers (and others responsible for personal data) are expected to take additional steps when processing genetic, biometric or health data, including:

  • designating the categories of individuals who can have access to personal health/biometric/genetic data and clearly defining their roles in terms of processing that data;
  • retaining a list of the categories of persons (and making the list available to the relevant supervisory authority if requested);
  • ensuring the individuals who are processing that data are legally or contractually bound to retain the confidentiality of that data.

Separately, designating a Data Protection Officer (DPO) may be required for employers (and others) who process personal data for or from Federal authorities if the data processing could result in a high risk to individuals’ rights and freedoms.

katie-montgomery-96671Works Council & Employee Notification Requirements

There are some cases where the works council or employees need to be informed prior to implementing technology that may impact employee privacy.

  • Collective Bargaining Agreement 68 of June 6 1998, places certain requirements on employers, including notifying the local works council prior to posting cameras in the workplace.
  • The updated Camera Surveillance Act (March 2018) includes the obligation to keep a register of camera surveillance related activities (including publicly disclosed visuals of where the cameras are placed) until video surveillance ends. In cases where an employer uses video surveillance, employees should be informed through a privacy policy. Note that recordings generally must be destroyed within one month.
  • The works council must be informed when an employer wishes to install an electronic communication data control system (Collective Bargaining Agreement 81 of 26 April 2002 on the protection of workers' privacy with regard to the control of networked electronic communication data). Monitoring the use of employee email and internet access is limited to what’s proportionally appropriate given the reason for monitoring. Permitted reasons are limited (ex. securing systems, preventing illicit/defamatory facts, protecting the financial interests of the company, etc.).


UKG's HR Compliance Assist team relies on a network of internal and external compliance experts and lawyers to provide clients with best practices and recommendations on topics such as HR document retention, employee data privacy, and HR electronic records. HR Compliance Assist also provides local compliance monitoring and alert services in select countries where UKG's customers have employees. HR Compliance Assist is a service exclusively available to UKG customers.

Share Your Feedback

Let's Talk