anonym.legal

By · Last updated 2026-06-05

Nazaj na blogGDPR in skladnost

APD Belgija: IAB Europe, finance in NIS2

Belgijski APD je izdal prelomno odlocitev o IAB Europe, ki zadeva digitalni oglasevski trg v vrednosti 220 milijard evrov. 82 izvrsevalskih odlocitev leta 2024.

June 5, 20268 min branja
Belgium APDIAB EuropeGDPR financial sectorNIS2 complianceEU data protection

APD Belgija: IAB Europe, finance in NIS2

Belgijski nadzorni organ za varstvo podatkov zaseda edinstveno mesto v EU. Drzava gosti sedeize EU in NATO. Ima vec globalnih bank in financnih organov kot katerakoli drzava clanica EU, razen Luksemburga. To daje Autorite de protection des donnees/Gegevensbeschermingsautoriteit (APD/GBA) sirokok doseg in vpliv.

Odlocitev glede IAB Europe

Februarja 2022 je belgijski regulator sprejel odlocitev proti IAB Europe. Primer je zadevalpreglednost in okvir soglasja (TCF). TCF poganja priblizno 220 milijard evrov digitalnih oglasov v EU letno.

Ugotovitev nadzornega organa: Niz soglasja TCF je osebni podatek. Povezan je s psevdonimnim ID-jem uporabnika. IAB Europe je bil imenovan za skupnega upravljavca. To ga je naredilo odgovornega za to, kako zalozniki in oglasevalna podjetja uporabljajo te podatke.

Globa 250.000 evrov je bila skromna. Pravi ucinki so bili bistveno vecji. Organ je zahteval celovit redizajn TCF. Vsak zaloznik v EU, ki uporablja orodje za soglasje, je to obcutil. Enako vsak oglasevalec.

PouK: celotnosektorska tehnologija lahko krsi GDPR. Na udaru ni le posamezno podjetje. Odgovornost se nosi celotna veriga. Nobena njena clena ni varna pred nadzorom.

Financni sektor: NIS2 in GDPR skupaj

Belgija je dom Evropskega bancnega organa, EIOPA in globalnega vozlisca SWIFT. Banke in zavarovalnice tam morajo izpolnjevati tako clanek 32 GDPR kot clanek 21 NIS2. Ti dve uredbi si delita precej skupnega.

Clanek 21 NIS2 doloca naslednja pravila:

  • Pregledi tveganja na cloveskem, fizicnem in digitalnem podrocju
  • Porocila o incidentih v 24 urah
  • Nacrti za ohranitev poslovanja
  • Varnostni pregledi dobaviteljske verige
  • Sifriranje podatkov v gibanju in mirovanju
  • Vecfaktorski nadzor dostopa

Clanek 32 GDPR doloca naslednja pravila:

  • Maskiranje in sifriranje osebnih evidenc
  • Moznost ponovne vzpostavitve dostopa po incidentu
  • Redno testiranje varnostnih kontrol
  • Na tveganju temeljecisé tehnicni varovalni ukrepi

Ti ukrepi se pojavljajo v obeh zakonih: sifriranje, nadzor dostopa, odziv na incidente in pregledi dobaviteljske verige. Trdni programi po clenu 32 GDPR izpolnjujejo vecino zahtev clena 21 NIS2. En sklopen nabor kontrol je naJucinkovitejsa pot. Oglejte si nas vodnik za skladnost GDPR za celovit pregled obeh zakonov.

Uveljavljanje leta 2024: kljucne teme

Belgijski regulator je leta 2024 izdal 82 odlocitev. Primeri iz financnega sektorja so porasli za 56 % v primerjavi z letom 2023. Izstopajo stiri teme.

Profiliranje brez soglasja: Banke, ki podatke o transakcijah uporabljajo za analizo potrosnje ali ponudbe izdelkov, morajo izpolnjevati pravila GDPR. Nadzorni organ je zavrnil "izboljsanje storitev" kot veljaven razlog, kadar se profiliranje zanasa na te podatke.

Kreditno ocenjevanje z AI: Clanek 22 GDPR ureja avtomatizirane kreditne odlocitve. Zahteva cloveski pregled in jasne razloge. Nekaterim fintech podjetjem so manjkali ti varovalni ukrepi. To je bila kljucna tocka nadzora.

Zlitje podatkov po prevzemih: Banke, ki so po odkupih zdruzile evidence, so pogosto krsile pravila o namenu. Prvotno soglasje ni pokrivalo nove kombinirane uporabe.

Outsourcing brez orodij za prenos: Podjetja, ki so IT delo poslala v tretje drzave brez ustreznih pravnih orodij, so se soocila z ukrepanjem. Primeri so zajemali Indijo, Maroko in Filipine.

Za podjetja z belgijskimi bancniskimi operacijami: usklajeni ukrepi GDPR in NIS2 so najboljsa obramba pred revizijo. Nas pregled varnosti in skladnosti pojasnjuje, kako dizajn brez poznavanja odstranjuje izpostavljenost pri viru.

Viri

Sorodni članki

GDPR in skladnost

Japan My Number: Verhoeff & APPI

63% of generic tools fail My Number detection in Japanese documents. My Number uses Verhoeff algorithm — the most complex national ID checksum in Asia.

GDPR in skladnost

HDPA Greece: AFM & AMKA Detection

Greek AFM detected with 52% accuracy by generic tools. HDPA issued 89 decisions in 2024 — up 162% from 2022. Tourism and maritime sectors face distinct.

GDPR in skladnost

NAIH Hungary: TAJ-Szám and Adóazonosító Jel

Hungarian NER accuracy is 67% vs. EU average 82% — NAIH's 2024 assessment. TAJ-szám weighted checksum and adóazonosító jel detection gaps.

Ste pripravljeni zaščititi svoje podatke?

Začnite z anonimizacijo PII z več kot 285 tipi entitet v 48 jezikih.

Začnite brezplačno preizkušnjoOgled funkcij

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.