-
Lawfulness of processing
In order to be lawful, the processing operations must be based on one of the following conditions: The data subject has consented to the processing of his/her personal data for one or more specific purposes. The processing is necessary
-
CNPD Course: 7&8 February 2018
Data Protection Basics
On 7 and 8 Feburary 2018, the CNPD organized courses on the basics of data protection. 200 participants were informed about the rights of data subjects, the obligations of controllers and processors and the role of the CNPD.
-
28 January 2020: Data Protection Day
Data Privacy Day - "Take control of your privacy"
On 28 January 2020, the CNPD will participate in the Data Privacy Day, which is an annual event organized by the Restena Foundation and the University of Luxembourg in the framework of the Data Protection Day.
-
Transfers from the EEA to the UK : what to do? (Infographic)
Note 1 → Will the transfers continue after the United Kingdom’s withdrawal ? If yes, is the transfer necessary? Bear in mind the principle of data minimization, which requires that you only process data that are necessary (and not only useful
-
2.1. The “EU-U.S. Privacy Shield Framework”
The so-called “EU-U.S. Privacy Shield Framework” (operational since 1 August 2016) protects the fundamental rights of anyone in the EU whose personal data is transferred to the United States of America for commercial purposes. The framework also
-
European Data Protection Board (EDPB)
Sixteenth EDPB Plenary Session
On December 2nd and 3rd, the EEA Data Protection Authorities and the European Data Protection Supervisor, assembled in the European Data Protection Board, met for their sixteenth plenary session. During the plenary, several topics were discussed.
-
2. What will happen after 31 January 2020 if there is no Withdrawal Agreement
2.1. The consequences for international data transfers in the event of a “no deal” Brexit In the event of a “no deal” Brexit, the United Kingdom will leave the European Union as of 1 February 2020 and will become
-
Act of 1 August 2018 on the organisation of the National Data Protection Commission and the general data protection framework
The English and German versions of the national data protection law have been published
The CNPD has published the English and German versions of the Act of 1 August 2018 on the organisation of the National Data Protection Commission and the general data protection framework.
-
1. Transfers within the European Economic Area (European Union, Liechtenstein, Norway and Iceland)
EU data protection rules apply to the European Economic Area and personal data may therefore be transferred freely between these countries, provided that the processing complies with the general principles of the GDPR (e.g. lawfulness of processing, compatibility
-
Job offers
There are no job offers at the moment. DES POSTES VACANTS DE JURISTES SOUS LE STATUT D’EMPLOYE OU FONCTIONNAIRE DE L’ETAT (M/F) DANS LE GROUPE D’INDEMNITE A1 POSTE VACANT D’INFORMATICIEN SOUS LE STATUT D’EMPLOYE
-
European Data Protection Board
1 year GDPR – taking stock
Just a few days short of the GDPR’s first anniversary, the European Data Protection Board surveyed the Supervisory Authorities (SAs) of the EEA and takes stock of the Board’s achievements.
-
Merry Christmas and a Happy New Year
Merry Christmas and a Happy New Year!
-
First year of application of the EU General Data Protection Regulation
Special Eurobarometer survey on data protection
The European Commission published the results of a special Eurobarometer survey on data protection. The results show that Europeans are relatively well aware of the new data protection rules, their rights and the existence of national data protection authorities, to whom they can turn for help when their rights are violated.
-
3. Transfers towards a country outside the European Economic Area without an adequate level of protection
When a country outside the EEA is not recognised by the European Commission as offering an adequate level of protection, there are several options that can be used to transfer personal data to these countries. The CNPD recommends, as its
-
The right to erasure ("Right to be forgotten")
If the retention of data concerning you is no longer justified, you may request their erasure. If the controller has no legitimate reason (e.g. legal obligations at the accounting level) that justifies the retention of your data, then they
-
The right to data portability
You change you online provider and want to retrieve your data? The right to data portability allows you to receive, free of charge, the data you provided to a controller, in a structured, commonly used and machine-readable format
-
Data breaches (General data protection regulation)
Data controllers shall notify personal data breaches to the CNPD withing 72 hours after having become aware of them, if the violation in question is is likely to result in a risk to the rights and freedoms of natural persons.
-
From 21 to 24 October in Tirana (Albania)
International Conference of Data Protection and Privacy Commissioners
The 41st International Conference of Data Protection and Privacy Commissioners took place in Tirana (Albania) from 21 to 24 October 2019.. The theme of the conference was "Convergence and connectivity: raising global data protection standards in the digital age".
-
The right of access
You can exercise your right of access by contacting the controller directly and ask to obtain the personal data he concerning you and certain additional information. Examples : You buy a product on the Internet and want to know what information
-
The right to delisting
You are visting a search engine (Google, Bing, Yahoo etc.) and, when you enter a combination of your first and last name, you find a search result that is wrong or irrelevant. What can you do? Contact the search engine
National Commission for Data Protection
Grand-Duchy of Luxembourg
Search
