It is customary practice that in the framework of assurance engagements (as defined in article 2.2. of the terms of business of PwC Bedrijfsrevisoren/Reviseurs d’Entreprises), personal data shall be processed.
Taking into account the strict legal obligation of independence as embedded in section 12 of the Act of 7 December 2016 organising the audit profession and its public oversight, the Belgian regulator has opined that for the above mentioned assurance engagements a registered auditor may only be regarded as a data controller.