CompanyBelgium

GDPR and public company data: what you need to know

BCE data is public, but does GDPR apply? Let's clarify the rules for using Company Belgium data.

January 30, 20265 min read

In brief

BCE company data (name, BCE number, registered office address) relates to legal entities and is not subject to GDPR. However, data tied to identifiable natural persons (directors, self-employed individuals) falls within GDPR scope. Using it is lawful if you can invoke legitimate interest, legal obligation, or contract performance as your legal basis.

GDPR and public data

The General Data Protection Regulation (GDPR) governs the processing of personal data in the European Union. But what about company data accessible through the BCE?

Company data ≠ personal data

What is NOT covered by GDPR

Data relating to legal entities is not personal data:

  • Company name
  • BCE/VAT number
  • Registered office address
  • Legal form

What IS covered by GDPR

Data relating to natural persons (self-employed, directors) may be personal data.

Our commitment

Our API only collects public BCE data, doesn't store your search results, and encrypts all communications. For AML use cases, our guide on automated KYC verification via the Company Belgium API explains how this legal framework applies in practice. For e-commerce, our article on legal obligations for e-commerce in Belgium clarifies what data you must display on your site.

Conclusion

BCE company data is public and its use is legitimate in a professional context. See also our article on searching for a Belgian company by BCE number and our guide on securing API keys best practices for safe API use.

Frequently asked questions

Is BCE company data subject to GDPR ?

Data relating to legal entities (companies, associations) such as the company name, BCE number or registered office address is not personal data under GDPR. However, data linked to identifiable natural persons such as a director's name or a self-employed person's home address does fall within GDPR scope. You must therefore assess the type of entity involved before processing data.

Which legal basis should I invoke to use BCE data in my application ?

Three GDPR legal bases (Art. 6) typically apply: legitimate interest (Art. 6.1.f) for supplier verification or commercial prospecting, legal obligation (Art. 6.1.c) for VAT or AML compliance, and contract performance (Art. 6.1.b) for the pre-contractual stage. Document the chosen basis in your processing register for each use case.

Can I display a Belgian company director's name on my website without violating GDPR ?

A company director's name is publicly accessible personal data via the BCE. You may display it if you have a valid legal basis, such as legitimate interest in a professional context (verifying a business partner). However, building a detailed profile or publishing information unrelated to the commercial activity may go beyond what the legal basis covers.

Does the Company Belgium API comply with GDPR in its data handling ?

Yes, the Company Belgium API only exposes public BCE data, does not log your search queries, and encrypts all communications over HTTPS/TLS. Servers are hosted in the European Union, satisfying GDPR data transfer requirements. You remain responsible as data controller for how you use the data retrieved through the API.

Ready to get started?

Create your free account and get your API keys in minutes.

Comments

Loading comments…

Leave a comment

Not published — used only to notify you.

Comments are moderated before publication.

Related articles