National registry number

It is not considered a privacy issue in the GDPR, but on the other hand, it is forbidden by law to use, store, or process the national registry number unless the one in charge has the authority to do so (e.g. a judge, a police officer, a government administration worker, ...).

It is very tempting to use this number as it immediately gives a unique identifier to each customer, in case of identical names / addresses / ..., but it may not be used. Even if a company reads your e-ID for the other information (name, address, DoB, ...) they must write down somewhere in the terms of agreement that they will not store or process your national registry number, as it is forbidden. It is also not allowed to have a copy (scan) of your e-ID.

On the other hand, it's pretty easy to calculate and they can't really do much with it except for identity fraud (which would be extremely rare). The chances of this happening are practically nonexistent, and there is no secret information hidden behind your national registry number unless they have access to police/juridical databases where they are used and you did some shady stuff in the past, but that's even more unlikely.

I wouldn't be bothered by it if they ask me and I'd give it anyway, but you can always deny to give your registry number (unless your employer somehow has the authority to do so, in which it should be listed somewhere).

/r/belgium Thread