Latest News

  1. A record number of inquiries and complaints

    Publication of the 2018 annual report

    The CNPD has presented its annual report with key figures for the year 2018 today at a press conference in Esch/Belval. The entry into force of the GDPR in 2018 has been accompanied by an increased awareness among professionals and individuals about data protection challenges and issues and has led to a significant increase in inquiries.
  2. First year of application of the EU General Data Protection Regulation

    Special Eurobarometer survey on data protection

    The European Commission published the results of a special Eurobarometer survey on data protection. The results show that Europeans are relatively well aware of the new data protection rules, their rights and the existence of national data protection authorities, to whom they can turn for help when their rights are violated.
  3. European Data Protection Board

    1 year GDPR – taking stock

    Just a few days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities (SAs) of the EEA and takes stock of the Board’s achievements.
  4. The EDPB adopted its opinion on the clinical trials Q&A

    Following a request from the European Commission (DG SANTE), the European Data Protection Board has adopted an opinion on the clinical trials Q&A. The opinion addresses in particular the aspects related to the adequate legal bases in the context of clinical trials, and the secondary uses of clinical trial data for scientific purposes. The opinion will now be transmitted to the European Commission.
  5. Warning: attempted fraud - CNPD investigations

    Several organisations informed the CNPD that they had been contacted by private companies offering data protection consulting and audit services, stating that these services were allegedly executed under the mandate or on behalf of the CNPD. The CNPD hereby clarifies
  6. Attention: Phishing attempt by requesting access

    Several organisations have contacted the CNPD following the receipt of a request for access that seemed dubious. The CNPD immediately contacted the GovCert to check whether it is a legitimate email or a phishing attempt. It has indeed been confirmed that the demand that has come from the domain "" is classified as phishing.

Brexit Guidance

This guidance is provided in order to help companies, public bodies and Luxembourg associations that are transferring personal data to the United Kingdom, and which will continue such transfers after 31 October 2019. 


Commission nationale pour la protection des données

1, avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette

Tel.: (+352) 26 10 60-1

Submit a complaint


Would you like to be kept up to date on the CNPD? 

General Data Protection Regulation

Agenda / Key dates

Recent opinions

Article 29 Working Party

Introduction to data protection

  • The 10 commandments of data protection
  • Data protection:  What is it about ?