The rapid evolution of information and communications technology since 1995 has given rise to new concern about the handling of personal data and the protection of privacy in a global context. The EU's response is the General Data Protection Regulation, which was approved by the European Parliament in 2016 after more than four years of negotiation and around 4,000 amendments, finally coming into force two years after its publication in the Official Journal, on May 25, 2018.

The regulation requires companies to adopt various measures to become compliant with the new data protection rules, especially taking into account the fact that data protection authorities will henceforth have the power to impose heavy financial penalties in the event of infringements.

Luxembourg's complementary legislation

In September 2017 Luxembourg's parliament began consideration of draft legislation designed to complement the GDPR, making use of the room for manoeuvre the regulation allows EU member states to enact additional legislation regarding the protection of personal data. Parts of the draft bill have been criticised by several of the public and private bodies invited to offer their opinions, prompting the Luxembourg government to introduce amendments to the legislation.

How can we help?

The bill indicates the government’s intention to strengthen protection of personal data and to expand the powers of the Luxembourg Data Protection Authority (CNPD) through the authority to sanction infringements of the GDPR and the grand duchy's own data protection law. Therefore, companies processing personal data are strongly recommended to adopt measures specifically designed to comply with the new obligations and ensure transparency.

The bill and its amendments demonstrate the government’s intention to move beyond mere mechanical application of the GDPR in Luxembourg, notably by ensuring that the right of employees as data subjects are fully respected, giving more powers to the CNPD and establishing an authority to coordinate and ensure data protection within state entities and public bodies.

Case Law

Facebook Fan page administrators : mind the personal data processing rules (05/06/18): click here to read the full article.

Related Content

Astrid Wagner
Counsel

IP, Communication & Technology
Corporate Law, Mergers & Acquisitions

David Alexandre
Senior Associate

IP, Communication & Technology

Sophie Wagner-Chartier
Partner

Commercial & Insolvency
IP, Communication & Technology
Corporate Law, Mergers & Acquisitions
15/04/2016
Adoption of the EU General Data Protection Regulation
​After more than 4 years of negotiation and roughly 4,000 amendments, the General Data Protection Regulation has finally been adopted yesterday by the...
Read More_
29/09/2017
Publication of the first bill of law complementing the European General Data Protection Regulation
​Publication of the first bill of law (“avant-projet n°7184”) complementing the European General Data Protection Regulation ("GDPR").​​
Read More_
08/04/2018
General Data Protection Regulation: Publication of the first government amendments to bill of law no. 7184
On 12 September 2017, the Luxembourg Parliament issued bill of law n°7184 (the “Bill of Law”) in order to complement Regulation (EU) 2016/679 of the E...
Read More_
Les midis de l'entreprise – General Data Protection Regulation ("GDPR") – What impact on my busine...
GDPR and the Luxembourg fund industry, a pragmatic approach - 08/03/2018 - Luxembourg
enhance
your
experience

Would you like to configure your browsing experience at arendt.com?

Let us know your profile and favourite topics

You are

Banking and Financial Services

Fund Industry

Private Sector

Private Wealth

Public Sector