Search

Transfers from a Luxembourg public authority or body to another public authority or body in a third country (i.e. outside the European Economic Area) may take place: with a legally binding and enforceable instrument between public authorities or bodies

When a country outside the EEA is not recognised by the European Commission as offering an adequate level of protection, there are several options that can be used to transfer personal data to these countries. The CNPD recommends, as its

EU data protection rules apply to the European Economic Area and personal data may therefore be transferred freely between these countries, provided that the processing complies with the general principles of the GDPR (e.g. lawfulness of processing,  compatibility

Transfers of personal data may take place between different countries in the context of international cooperation in the field of Police and Justice, in accordance with existing international agreements or treaties. Cross-national supervisory authorities (e.g. Europol, Eurojust) apply

The CNPD shall have investigative powers, corrective powers, authorisation and advisory powers. Investigative powers The CNPD shall have all of the following investigative powers: to order the controller and the processor, and, where applicable, the controller's or the

The CNPD is present in the three Joint Supervisory Authorities (JSAs): "Schengen", "Europol" and "Customs".

You shall have the right to object, on grounds relating to your particular situation, at any time to processing of personal data concerning you if the legal basis for processing is: the pursuit of the legitimate interests of the controller

Who processes my personal data? Why and how is it processed? Companies or administrations must give you these elements in clear and plain language at the same time as the collection of your data or, at the latest, within one

Where the processing for a purpose other than that for which the personal data have been collected is not based on the data subject's consent or on a Union or Member State law which constitutes a necessary and proportionate

The National Data Protection Commission (CNPD) will process your personal data in order to fulfil the tasks assigned to it by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection...

Where your processing operations involve "sensitive data", special conditions may apply (examples: a data protection impact assessment, additional information to be provided to the data subject, the consent of the data subject, contractual clauses, etc.). Special categories

As a controller, you shall maintain a record of processing activities under your responsibility. Similarly, your processors shall maintain a record of all categories of processing activities carried out on your behalf. However, this obligation shall not apply

Before data may be processed by the controller, a number of conditions of lawfulness must be met to ensure an adequate protection of privacy. When you process personal data, you must comply with the following principles: Principles of lawfulness, fairness

The data subject's consent is one of the conditions processing operations can be based in order to be lawful. The provisions concerning the conditions applicable to consent were further developed by the GDPR, emphasizing its "free, specific, informed

In order to be lawful, the processing operations must be based on one of the following conditions: The data subject has consented to the processing of his/her personal data for one or more specific purposes. The processing is necessary