Article 222 of the Belgian Data Protection Act provides for a fine of EUR 250 to EUR 15,000 in the following cases:
- processing of personal data without legal basis
- infringement of principles under Art. 5 or 28 GDPR
- processing which has been objected to in accordance with Art. 21 GDPR is continued without mandatory legal reasons
- third country transfer with grossly negligent or intentional infringement of Art. 44-49 or 66-70 GDPR
- disregard of instructions from the supervisory authority
- obstruction of the control work of the supervisory authority (or appointed third party)
- rebellion within the meaning of Art. 269 of the Belgian Criminal Code against employees of the supervisory authority
- receipt and/or use of expired certificates of non-accredited bodies within the meaning of Art. 42 GDPR
- obtaining certification in accordance with Art. 42 GDPR on the basis of false/incorrect documents
- appearing as an accredited certification body without the accreditation of the competent supervisory authority
- infringements of Art. 41-42 GDPR
