A private individual (plaintiff) – Complaint Upheld (Belgium, 2021)

The plaintiff lodged a complaint with the Belgian DPA after their former employer, the defendant, sent them the remaining money they were owed to an address obtained by consulting the national register for natural persons. The plaintiff argued that the defendant had not processed the data lawfully, since they had not consulted the register within its defined purposes. To this the defendant replied that they were unsure of their former employees' address and thought that the national register could be consulted in any case, because they had access to it within the scope of their profession. Can the collection by a notary of personal data contained in the national register for natural persons be justified by the sole fact that within the scope of their work they can already access said register? The Belgian DPA reminded the defendant that, notwithstanding the fact that notary was one of the professions allowed to consult the national register for natural persons, they should, pursuant to Article 3 of the Belgian law for organising a national register for natural persons, always do so for tasks that fall within their competence and are specific to the performance of their notary assignments. The register should therefore not be used for tasks that are common to any employer, such as sending mail to their employees or former employees. By consulting the national register for that purpose, the defendant processed data unlawfully, thus going against Article 6 combined with Article 5(1)(a) GDPR.