Luxembourg

Summary

Law: Act of 1 August 2018 on the Organisation of the National Commission for Data Protection and Implementing the GDPR (the Act) and the General Data Protection Regulation (Regulation (EU) 2016/679)

Regulator: National Commission for Data Protection (CNPD)

Summary: Luxembourg implemented the GDPR in 2018 through the Act of 1 August 2018 on the Organization of the National Commission for Data Protection and Implementing the GDPR (the Act). The GDPR is therefore directly applicable with regards to data subject rights and data controller and data processor obligations as well as data transfers. The Act establishes the National Commission for Data Protection (CNPD) and details its investigatory and enforcement powers. Moreover, the Act contains several express permissions to derogate from the GDPR where personal data is processed for scientific or historical research purposes or for statistical purposes, and prohibits the processing of genetic data for the purposes of the exercise of rights of the data controller in the insurance sector and in relation to employment. The CNPD frequently advises the legislator on privacy aspects and has issued opinions on legal reforms regarding data transparency, anti-money laundering, insurance, and financial trusts.

Browse more content in Luxembourg

All Guidance Notes

All News

All Insights

News

06 September 2024

Luxembourg: CNPD releases 2023 annual report

04 July 2024

Luxembourg: CNPD publishes opinion on health data insurance draft law amendments

18 June 2024

Luxembourg: CNPD opinion on draft law on retention of personal data

27 May 2024

Luxembourg: CNPD launches AI sandbox

22 January 2024

Luxembourg: CNPD announces whistleblower reporting form

22 January 2024

Luxembourg: CNPD calls for feedback on AI and personal data protection

06 June 2023

Luxembourg: Whistleblowing law enacted after being exempted from second vote

01 June 2023

Luxembourg: ACJ's 2022 annual activity report highlights main areas of activity and examined complaints

16 May 2023

Luxembourg: Chamber of Deputies adopts whistleblowing draft law

28 March 2023

Luxembourg: Chamber of Deputies passes bill implementing Digital Markets Act

23 March 2023

Luxembourg: CNPD announces results of six investigations concerning data transparency

18 August 2022

Luxembourg: CNPD reminds communes of requirement to appoint DPO

Insights

September 2023

Luxembourg: Overview of the whistleblowing law

The Luxembourg Law Transposing the Whistleblowing Directive (the Law) generalizes the protection of whistleblowers, which only existed before in the financial sector and in relation to money laundering violations. It was the result of fierce debates, especially around the fear of creating a climate of systematic denunciation without appropriate safeguards, going well beyond the protection of transparency activists driven by the public interest. Claire Leonelli and Florian Poncin, from CLAW - Avocats à la Cour, outline the contents of the Law, including its main obligations and who it protects.

December 2021

Luxembourg: Overview of cookies guidelines

The National Commission for Data Protection ('CNPD') published, on 26 October 2021, guidelines on cookies and other trackers ('the Guidelines'), which are intended to help operators of websites or apps to comply with the currently applicable rules on this matter. This insight breaks down some of the key points from the Guidelines, including a range of different scenarios where consent may or may not be necessary.

Luxembourg

Summary

Browse more content in Luxembourg

News

Insights

Get the Latest News

Thanks for signing up!

Company

Our Policies

Your Rights

Follow us