On May 25, 2020, the second anniversary of the GDPR, the Belgian Supervisory Authority (“SA”) released an overview of its first full year of activity (available in French here, and in Dutch here). To be clear, this was not a delay in reporting, but rather shows that the Belgian legislature was late in creating its oversight and enforcement authority for data protection.
According to the activity overview, the SA has received over 900 security breach notifications and around 350 complaints. It has performed over 100 inspections and imposed 59 sanctions, 9 of which resulted in fines for a total of €189,000. In fact, the SA has imposed the bulk of these fine amounts only in the last two months.