Download free GDPR compliance checklist!

Tag Archives for " Luxembourg "

noyb brings Luxemburg’s Data Protection watchdog to court for refuses to act on US companies

noyb filed an appeal against two decisions of the Luxemburg Data Protection Authority (CNPD) before the administrative tribunal of Luxemburg on a fundamental matter: the authority dismissed two complaints lodged against US-based data controllers, Apollo and RocketReach.

The CNPD explicitly confirmed that the General Data Protection Regulation (GDPR) applies to these non-EU companies. However, the CNPD considered that it could not enforce the GDPR against these US controllers, despite multiple enforcement options within the EU. These decisions fundamentally undermine the application of the GDPR to all foreign companies on the EU market – a key promise of the law when it was introduced in 2018.

Source: Luxemburg’s Data Protection watchdog refuses to show its teeth to US companies. noyb files court case.

Luxembourg DPA Publishes Data Breach Reporting Form

On February 12, 2018, the Luxembourg data protection authority ( Commission nationale pour la protection des donées , “CNPD”) published on its website (in English and French ) a form to be used for the purpose of compliance with data breach notification requirements applicable under the EU General Data Protection Regulation (the “GDPR”).

Pursuant to the GDPR, data controllers must notify the competent supervisory authority of a data breach within 72 hours of becoming aware of it, if the breach is likely to result in a risk to the rights and freedoms of individuals. Though breach notification is currently not required under the EU Data Protection Directive 95/46/EC, the CNPD has already published the form to assist companies with breach reporting prior to the GDPR coming into force.

Source: Luxembourg DPA Publishes Data Breach Reporting Form

Luxembourg DPA approves the BCR of PayPal

The PayPal Group has adopted Binding Corporate Rules, which define its global data protection policy with regard to international transfers of personal data. The purpose of these rules is to ensure that the same level of protection as in the EU is provided to employees and clients of PayPal when their personal data are transferred to entities within the same group located outside of the EU.

Source: The CNPD approves the BCR of PayPal — National Commission for Data Protection // Luxembourg

Luxembourg’s DPA launches GDPR compliance tool

The CNPD, with support from Digital Luxembourg and in conjunction with the Luxembourg Institute of Science and Technology (LIST), has developed a GDPR Compliance Support Tool. The purpose of this tool is to offer users an innovative, intuitive solution for ascertaining the level of maturity of their organisations with regard to data protection.

Source: Launch of compliance support tool for new general data protection scheme — National Commission for Data Protection // Luxembourg

Luxembourg GDPR implementation bill sent to parliament

On 12 September 2017, a highly awaited bill implementing and complementing the EU General Data Protection Regulation or GDPR (Regulation No 2016/679) was submitted to the Luxembourg Parliament.

Source: Luxembourg legislative proposal implementing and complementing the GDPR | European American Chamber of Commerce New York [EACCNY] | Your Partner for Transatlantic Business Resources