Tuesday, December 13, 2011
The time has come. High time, in fact - given the numerous intentional and ignorant breaches that have occurred in the last decade.
Many organisations in Belgium, especially in the private sector, have frequently set aside matters of data protection on the grounds that no one ever gets caught in Belgium, and even if one was found out, the low risk of a fine meant that spending resources (both money and manpower) was a waste of time. Profits are essential - and budgets are limited.
Coupled with the fact that the Privacy Commission's powers are quite restricted (having a mainly advisory role...), and seeing the lack of bite in previous breaches, complying with the duties set out by the Data Protection Law is just an unnecessary expense which no data controller in the business world wants to indulge in.
On December 7, 2011 in Brussels, Viviane Reding, Vice President of the European Commission and EU Justice Commissioner, revealed plans to strengthen data protection through the choice of a type of legal instrument, new data protection rights and a new tool to ensure compliance with the new single data protection law in Europe.
As part of the effort to ensure greater data protection compliance, the powers of Data Protection Authorities in member states are to be strengthened so that they are able to effectively sanction breaches of the law.
In order to assist the authorities to enforce the new laws, a new Data Protection Board will be created from the current Article 29 Working Party.
"When the reform will enter into force, a new European Data Protection Board will be created from the current Article 29 Working Party. Given its enhanced future responsibilities the Board should have an efficient and dedicated secretariat. How to do it? I think that this secretariat should be hosted by the European Data Protection Supervisor's office which would be a cost-effective solution drawing upon the ready-made experience of that office," said Reding.
She also went on to assure that it was not the intention of the European Commission to take over the enforcement of the data protection rules.
"Last but not least, let me stress that the European Commission has neither the intention nor the means at its disposal to take over your role as interpreters and enforcers of data protection rules on the ground, or as decision-makers on individual cases. On the contrary, with the reform, you will have a fully independent secretariat at your disposal and better tools to develop a common legal doctrine."
The proposals for the new regime will also include the following:
- Individuals will get more rights that will be enforceable in the online environment and simultaneously, data controllers will be subject to stricter obligations.
- The principles of data minimisation and privacy by design will be strengthened.
- The right to be forgotten and the right to data portability are to be included.
- Adequate protection of children against abusive profiling or tracking on the internet.
- The administrative burden of compulsory notifications on personal data processing is to be reduced and prior checks are to be limited only to cases where they bring real added value. However, privacy impact assessments for risky processing will be introduced so that data protection is not undermined.
- Data breach notifications to be extended to all sectors and the role of data protection officers in the public sector and in large companies and in companies with risky processing will be strengthened.
If all goes well, and the proposals outlined become part of the new legal framework, the EU will have a very promising data protection regime, and data controllers will have little choice but to put protection of personal data first on their business agenda and make room in their limited budgets to comply.