Belgium: Issued ruling in GBA investigation into Black Tiger Belgium regarding GDPR violations

On 16 January 2024, the Belgian Data Protection Authority (GBA) imposed a total of EUR 174'640 in administrative fines and corrective measures on Black Tiger Belgium, a big data and data management company, for multiple breaches of the General Data Protection Regulation (GDPR). The GBA found that the company had unfairly processed personal data without proactively and transparently informing the data subjects. The company was also found to have violated the rights of data subjects and failed to maintain a register of processing activities. The GBA's Disputes Chamber ruled that Black Tiger Belgium's legitimate interest in processing the data did not meet the necessary conditions under the GDPR. Further, the GBA found that the company failed to provide a complete response to the complainants' requests for access. The GBA imposed three different administrative fines on the company and ordered a series of corrective measures, including the termination of the B2B 'Data Quality' service until data subjects have been proactively and individually informed of the data processing carried out. The ruling can be appealed within 30 days.