Print this page



The General Data Protection Regulation will be applicable from 25 May 2018. The new legal framework will establish a single set of data protection rules in the EU and will replace the EU Directive of 1995 and the Luxembourg Data Protection Act of 2002. It is important that key individuals and decision-makers in your organisation are aware of the latest developments. They should be able to assess the consequences of the new legal framework on their organisation and prepare for its arrival. Please register by sending an e-mail to (by 11 October 2017) and specify the session in which you want to participate.
Read more


The annual general meeting of the data protection association ‘Association pour la Protection des Données au Luxembourg’ (APDL) held on 14 June 2017 provided an opportunity for the national data protection commission (Commission Nationale pour la Protection des Données - CNPD) and the Luxembourg Institute of Science and Technology (LIST) to present a Compliance Support Tool for the general rules on data protection that they have drawn up together, with support from Digital Lëtzebuerg.
Read more

CNPD Course

Data Protection Basics


From 5-7 July 2017, the CNPD is organizing a "Data Protection Basics" course. This course is aimed at “beginners”, who wish to learn basic elements of data protection law. In order to respect the rights of citizens and to comply with their own obligations, all concerned actors (interested persons, data controllers, data processors, ...) should know and understand the relevant rules on the protection of personal data.
Read more


The Article 29 Working Party (WP29), at the April plenary meeting, examined certain critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and of the Privacy Shield and adopted several key documents such as an opinion on the draft e-privacy regulation and guidelines on data portability, data protection officers, lead authority and data protection impact assessment.
Read more

International transfers of personal data

The CNPD approves the BCR of Rakuten


The Rakuten Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the European Union is provided to employees and clients of Rakuten when their personal data are transferred to entities within the same group located outside of the EU.
Read more


In the context of the Data Protection Day, the CNPD publishes three animated videos on the future General Data Protection Regulation and launches a complaint form. The goal of this day is to raise awareness on data protection and inform citizens of their rights and of good practices, thereby enabling them to exercise these rights more effectively.
Read more

All news



National Commission for Data Protection

1, avenue du Rock’n’Roll
L-4361 Esch-sur-Alzette

Tel.: (+352) 26 10 60-1
Fax: (+352) 26 10 60-29

E-mail contact

Submit a complaint


General Data Protection Regulation


Thematic dossier





Agenda / Key dates


Recent opinions


Article 29 Working Party


Introduction to data protection

The 10 commandments of data protection

Data protection: What is it about?


Public register






Data security

Data security