News

On 28 June 2021, the Commission adopted two adequacy decisions for transfers of personal data to the United Kingdom, under the General Data Protection Regulation (GDPR) and the Law Enforcement Directive respectively. Such a decision means that the personal data...

On 4 June 2021, the European Commission published two new sets of standard contractual clauses (SCCs). The first set is intended to regulate the transfer of data from controllers or processors of the EU/EEA (subject to the GDPR) to...

The EDPB adopted a final version of the Recommendations on supplementary measures following public consultation. After the CJEU Schrems II ruling, they aim to assist controllers and processors acting as data exporters with their duty to identify and implement appropriate...

The CNPD has made public 18 decisions concerning investigations on the outcome of investigations. In accordance with Article 41 of the Law of 1 August 2018 on the organisation of the CNPD and the General Data Protection Regime, decisions on the outcome of investigations are taken by the restricted panel of the CNPD. The decisions are in principle published anonymously on its website,

The GPA Reference Panel welcomes applications until 19 February 2021. What is the Global Privacy Assembly? Established in 1979, the GPA is the international forum of data protection and privacy authorities which provides leadership at the international level by connecting...

EDPB adopts Guidelines on examples regarding data breach notification The EDPB adopted guidelines on examples regarding data breach notification. These guidelines complement the WP 29 guidance on data breach notification by introducing more practice orientated guidance and recommendations. They aim...

Merry Christmas and a Happy New Year 2021

The EDPB adopted its Strategy 2021-2023 On December 15th, the EDPB met for its 43rd plenary session. During the plenary, a wide range of topics was

Publication of the annual report 2019 2019 was the first full year that the CNPD worked under the General Data Protection Regulation[1] (GDPR) and the

Over the last weeks the CNPD together with the data protection authorities of the EU member states have elaborated within the European Data Protection Board (EDPB) recommendations on measures that supplement transfer tools to ensure compliance with GDPR.

39th Plenary Session of the EDPB

The Board adopted Guidelines on the concepts of controller and processor in the GDPR and Guidelines on the targeting of social media users.

38th Plenary Session of the EDPB

The Luxembourg Data Protection Authority (CNPD) welcomes the judgement from the Court of Justice of the European Union (CJEU) in the case Data Protection Commissioner v Facebook Ireland and Maximillian Schrems (Schrems II), rendered on July 16, 2020.

The EDPB has published a new register containing decisions taken by national supervisory authorities following the One-Stop-Shop cooperation procedure (Art. 60 GDPR) on its website.

Today, just over two years after its entry into application, the European Commission published an evaluation report on the General Data Protection Regulation (GDPR).

From Monday, 8 June 2020, the offices of the National Commission for Data Protection (CNPD) are transferred to the Naos building in Belval.

During its 23rd plenary session, the EDPB adopted guidelines on the processing of health data for research purposes in the context of the COVID-19 outbreak and guidelines on geolocation and other tracing tools in the context of the COVID-19 outbreak.

Wednesday, 15 April, 2020 - Following a request for consultation from the European Commission, the European Data Protection Board adopted a letter concerning the European Commission's draft Guidance on apps supporting the fight against the COVID-19 pandemic.