News

Several organisations informed the CNPD that they had been contacted by private companies offering data protection consulting and audit services, stating that these services were allegedly executed under the mandate or on behalf of the CNPD. The CNPD hereby clarifies

Several organisations have contacted the CNPD following the receipt of a request for access that seemed dubious. The CNPD immediately contacted the GovCert to check whether it is a legitimate email or a phishing attempt. It has indeed been confirmed that the demand that has come from the domain "electronicprivacy.eu" is classified as phishing.

On 23 October 2018, the CNPD organizes new courses on the basics of data protection. These courses are aimed at “beginners”, who wish to learn basic elements of data protection law.

On 4 September 2018, the CNPD organizes new courses on the basics of data protection. These courses are aimed at “beginners”, who wish to learn basic elements of data protection law.

Today the European Data Protection Board (EDPB) held its first plenary meeting. This new, independent EU decision-making-body with legal personality is created by the General Data Protection Regulation (GDPR), which enters into application as of today. The EDPB succeeds the Article 29 Working Party.

The Working Party 29 (WP29), the group uniting European data protection authorities, announces its full support for the ongoing investigations by national privacy authorities into the collection and use of personal data by and through social media. In addition, the WP 29 will create a Social Media Working Group to develop a long-term strategy on the issue.

“As a rule personal data cannot be used without full transparency on how it is used and with whom it is shared. This is therefore a very serious allegation with far-reaching consequences. ICO is conducting the investigation into this matter. As Chair of the Article 29 Working Party, I fully suport their investigation. The Members of the Article 29 Working Party will work together in this process."

On 13 April 2018, the CNPD organizes new courses on the basics of data protection. These courses are aimed at “beginners”, who wish to learn basic elements of data protection law.

On 7 and 8 Feburary 2018, the CNPD organized courses on the basics of data protection. 200 participants were informed about the rights of data subjects, the obligations of controllers and processors and the role of the CNPD.

The PayPal Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the EU is provided to employees and clients of PayPal when their personal data are transferred to entities within the same group located outside of the EU.

In 2018 the RESTENA Foundation and the University of Luxembourg have joined forces to provide to you a couple of sessions regarding current trends, legal and practical aspects as well as technical backgrounds of data privacy and data protection. Michel Sinner of the CNPD will be one of the Keynote speakers. His presentation will be about compliance monitoring by the CNPD.

The CNPD, with support from Digital Luxembourg and in conjunction with the Luxembourg Institute of Science and Technology (LIST), has developed a GDPR Compliance Support Tool. The purpose of this tool is to offer users an innovative, intuitive solution for ascertaining the level of maturity of their organisations with regard to data protection.

Merry Christmas and a Happy New Year 2018!

On 7 and 8 Febrary 2018, the CNPD organizes new courses on the basics of data protection. These courses are aimed at “beginners”, who wish to learn basic elements of data protection law.

The CNPD has published a new brochure for data controllers and processors. The goal of this publication is to inform businesses, public authorities and associations about their data protection obligations and guide them in their effort to be compliant.

On the 18th and 19th October 2017, the CNPD organized two Information sessions about the General Data Protection Regulation. Nearly 500 representatives of companies, public administrations and associations attended these events. DESCRIPTION The General Data Protection Regulation will be applicable

The annual general meeting of the data protection association ‘Association pour la Protection des Données au Luxembourg’ (APDL) held on 14 June 2017 provided an opportunity for the national data protection commission (Commission Nationale pour la Protection des Données - CNPD

Description As our society collectively moves online, so businesses, public administrations, associations and other professional actors increasingly find themselves collecting, exchanging and processing personal data. And yet, the use of such data is subject to stringent rules. Processing activities such

The Article 29 Working Party (WP29), at the April plenary meeting, examined certain critical matters with regards to the implementation of the General Data Protection Regulation (GDPR) and of the Privacy Shield and adopted several key documents such as an

The Rakuten Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the