What to expect from a DPA investigation: an inventory of received questions
Whether based on a complaint or a general inspection, organisations can find themselves the subject of a DPA investigation. As part of this, the DPA may present the organisation with questions covering a broad range of topics, on everything from DPOs, to data, to DPIAs. To provide transparency, and help business users prepare for possible DPA requests or audits, Beltug’s Privacy Council has put together a 12-page paper with examples of real questions submitted to (anonymised) organisations by the DPA.
10 / 06 / 22
The role of the Belgian DPA (Data Protection Authority) is to ensure that organisations comply with the fundamental principles of data protection and privacy. To do this, it may carry out investigations, including collecting relevant information and documents from the organisation. Part of the information gathering is asking questions that provide an opportunity for the organisation to explain and prove its compliance with the law.
But what questions should a company expect when it is being investigated by the DPA? To help our members better prepare, the Beltug Privacy Council has have created an inventory of real questions that have been submitted to them by the DPA. This inventory is of course not exhaustive, but it can give organisations some insight into what information they may be required to provide.
The Paper is available to our members after login.