27 April 2026 marks the tenth anniversary of the adoption of the General Data Protection Regulation (GDPR), the European framework for the protection of personal data. For the past ten years, the GDPR has strengthened the rights of data subjects and established harmonised rules for organisations within the European Union.
In Luxembourg, the CNPD ensures the effective application of the GDPR. As an independent supervisory authority, it protects citizens’ fundamental rights whilst supporting public and private sector bodies in their compliance efforts. The CNPD plays an active role in European cooperation between data protection authorities, notably within the European Data Protection Board (EDPB), to ensure consistent application of the Regulation, particularly in cross-border cases.
Ten years after its adoption, the GDPR remains a key instrument in addressing the challenges posed by the rapid evolution of the digital landscape, particularly in relation to artificial intelligence and the platform economy. The CNPD will continue its commitment to ensuring a high level of personal data protection and strengthening trust in the digital environment.