In the meantime, the Council of State has issued a new decision (in French) that goes a bit further. It states that the data controller has to check for GDPR compliance in the technical specifications of public tenders. There is no mention about ‘significant’ data processing, which implies that GDPR verification should be done for all public tenders when data processing is involved.
There are a number of other Beltug members that need to follow public tendering procedures, and often the object of the public tender relies on personal data. For this reason, Beltug organised a Debate Room to look into and openly discuss the issues and requirements.
The discussion was set in motion by Jennifer Salat, Data Protection Officer at STIB-MIVB. Then the floor was opened for discussions.
Presentations from the event are available for our members (after login).
- STIB/MIVB User story: Setting the scene