Thursday, October 24, 2013
It has finally happened.
The Belgian Privacy Commission was once regarded as a toothless lion whose role was mainly passive in nature: giving advice and recommendations. Although it had the power to send warnings and denounce violations to the public prosecutor (only if a complaint first reached the Commission), it was unable to sanction or do much else. This has resulted in violations of the Data Protection Law nationwide, with companies and organisations fearlessly processing personal data according to their whims and fancies. The Privacy Commission has finally realised its inability to bite and is doing something about it.
On October 21, 2013, the Belgian Privacy Commission announced in De Standaard its intention to set up a special investigation team which would actively seek out breaches of privacy. The Commission wants to play a more active role in checking whether companies or organisations are breaching privacy. By policing, it would be able to better protect the privacy of the individual and maintain law and order.
The initiative is said to have stemmed from recent data breaches:
- The National Railway Company of Belgium (NMBS/SNCB) stored the personal data of 1.46 million customers on a non-secure server, which resulted in the leak of these data (including first and last names, gender, date of birth, email addresses, phone numbers, and in some cases home addresses); the data could possibly be accessed through a mere online search engine query.
- The internal IT systems of Belgacom (Belgium's largest telecoms company) had been breached and compromised with malware by a third party, which enabled hackers to access telephone and online information.
Although this realisation has come much later than preferred in comparison with the ICO, its UK counterpart, it is a move that must be applauded.
The current situation, in which the protection of personal data is in shambles, has reached its limit, and more than ever the Privacy Commission needs stronger powers to tackle these breaches and safeguard the privacy of the individual. The Commission stated that the investigation team will, in the first instance, look into companies and organisations which handle sensitive personal data, such as insurance companies and hospitals, and will focus on a particular sector each year.
The Commission is also seeking the power to sanction non-compliant companies and organisations. Currently, the Commission can refer violations to the courts, but this is regarded as overkill. With such a power, the Commission would be able to make decisions such as no longer allowing an offender access to a particular database, to render their operations and business more difficult, or revoking permission to build a database.
With this development, companies and organisations which are still relaxed in their attitude towards the protection of personal data, and regard such protection as non-profitable, should re-think the business case for protecting personal data and make it a priority in their next budget before it is too late.