Filter the results
-
3.4. Specific safeguards for transfers between public authorities or bodies
Transfers from a Luxembourg public authority or body to another public authority or body in a third country (i.e. outside the European Economic Area) may take place: with a legally binding and enforceable instrument between public authorities or bodies
-
3. Transfers towards a country outside the European Economic Area without an adequate level of protection
When a country outside the EEA is not recognised by the European Commission as offering an adequate level of protection, there are several options that can be used to transfer personal data to these countries. The CNPD recommends, as its
-
1. Transfers within the European Economic Area (European Union, Liechtenstein, Norway and Iceland)
EU data protection rules apply to the European Economic Area and personal data may therefore be transferred freely between these countries, provided that the processing complies with the general principles of the GDPR (e.g. lawfulness of processing, compatibility
-
4. International cooperation in the field of Police and Justice
Transfers of personal data may take place between different countries in the context of international cooperation in the field of Police and Justice, in accordance with existing international agreements or treaties. Cross-national supervisory authorities (e.g. Europol, Eurojust) apply
-
Warning: attempted fraud - CNPD investigations
Several organisations informed the CNPD that they had been contacted by private companies offering data protection consulting and audit services, stating that these services were allegedly executed under the mandate or on behalf of the CNPD. The CNPD hereby clarifies
-
Attention: Phishing attempt by requesting access
Several organisations have contacted the CNPD following the receipt of a request for access that seemed dubious. The CNPD immediately contacted the GovCert to check whether it is a legitimate email or a phishing attempt. It has indeed been confirmed that the demand that has come from the domain "electronicprivacy.eu" is classified as phishing.
-
Powers
The CNPD shall have investigative powers, corrective powers, authorisation and advisory powers. Investigative powers The CNPD shall have all of the following investigative powers: to order the controller and the processor, and, where applicable, the controller's or the
-
CNPD Course: 23 October 2018
Data Protection Basics
On 23 October 2018, the CNPD organizes new courses on the basics of data protection. These courses are aimed at “beginners”, who wish to learn basic elements of data protection law.
-
Joint Supervisory Authorities
The CNPD is present in the three Joint Supervisory Authorities (JSAs): "Schengen", "Europol" and "Customs".
-
The right to object
You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you if the legal basis for processing is: the pursuit of the legitimate interests of the controller
-
The right to information
Who processes my personal data? Why and how is it processed? Companies or administrations must give you these elements in clear and plain language at the same time as the collection of your data or, at the latest, within one
-
CNPD Course: 4 September 2018
Data Protection Basics
On 4 September 2018, the CNPD organizes new courses on the basics of data protection. These courses are aimed at “beginners”, who wish to learn basic elements of data protection law.
-
Further processing of personal data
Where the processing for a purpose other than that for which the personal data have been collected is not based on the data subject's consent or on a Union or Member State law which constitutes a necessary and proportionate
-
First plenary meeting of the EDPB
Europe’s new data protection rules and the EDPB: giving individuals greater control
Today the European Data Protection Board (EDPB) held its first plenary meeting. This new, independent EU decision-making-body with legal personality is created by the General Data Protection Regulation (GDPR), which enters into application as of today. The EDPB succeeds the Article 29 Working Party.
-
Data protection
The National Data Protection Commission (CNPD) will process your personal data in order to fulfil the tasks assigned to it by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection...
-
Processing of sensitive data
Where your processing operations involve "sensitive data", special conditions may apply (examples: a data protection impact assessment, additional information to be provided to the data subject, the consent of the data subject, contractual clauses, etc.). Special categories
-
Records of processing activities
As a controller, you shall maintain a record of processing activities under your responsibility. Similarly, your processors shall maintain a record of all categories of processing activities carried out on your behalf. However, this obligation shall not apply
-
Main principles
Before data may be processed by the controller, a number of conditions of lawfulness must be met to ensure an adequate protection of privacy. When you process personal data, you must comply with the following principles: Principles of lawfulness, fairness
-
Consent
The data subject's consent is one of the conditions processing operations can be based in order to be lawful. The provisions concerning the conditions applicable to consent were further developed by the GDPR, emphasizing its "free, specific, informed
-
Lawfulness of processing
In order to be lawful, the processing operations must be based on one of the following conditions: The data subject has consented to the processing of his/her personal data for one or more specific purposes. The processing is necessary