Personal Data Protection - GDPR

Lean more about Personal Data Protection and GDPR

The rapid evolution of information and communications technology since 1995 has given rise to new concern about the handling of personal data and the protection of privacy in a global context. The EU's response is the General Data Protection Regulation, which was approved by the European Parliament in 2016 after more than four years of negotiation and around 4,000 amendments, finally coming into force two years after its publication in the Official Journal, on May 25, 2018.

The regulation requires companies to adopt various measures to become compliant with the new data protection rules, especially taking into account the fact that data protection authorities will henceforth have the power to impose heavy financial penalties in the event of infringements.

Luxembourg's complementary legislation

In September 2017 Luxembourg's parliament began consideration of draft legislation designed to complement the GDPR, making use of the room for manoeuvre the regulation allows EU member states to enact additional legislation regarding the protection of personal data. Parts of the draft bill have been criticised by several of the public and private bodies invited to offer their opinions, prompting the Luxembourg government to introduce amendments to the legislation.

How can we help?

The law of 1 August 2018 ensuring the proper application of the GDPR shows the legislator’s intention to strengthen protection of personal data and to expand the powers of the Luxembourg Data Protection Authority (CNPD) through the authority to sanction infringements of the GDPR. Therefore, companies processing personal data are strongly recommended to adopt measures specifically designed to comply with the new obligations and ensure transparency.

The law demonstrates the legislator’s intention to move beyond mere mechanical application of the GDPR in Luxembourg, notably by ensuring that the right of employees as data subjects are fully respected, giving more powers to the CNPD and establishing an authority to coordinate and ensure data protection within state entities and public bodies.

Also, learn more about our offer to ensure Cybersecurity here_

Related Content

Astrid Wagner

Astrid Wagner is a Partner in the IP, Communication & Technology practice area of Arendt & Medernach. She is in charge of specialised areas of the law such as data protection and privacy questions, e-commerce and distance contracts, consumer protection, IT and outsourcing issues, the full spectrum of IP rights (trademarks, patents, designs and copyright), media and telecommunications, advertising, unfair competition and product regulation. Astrid also handles corporate law matters, advising operational companies on their establishment in Luxembourg (including required licences) and multinational companies on the structuring and financing of domestic and cross-border transactions and corporat...

Discover the Author
Back to 2023 – Forward to 2024
An overview of the major recent legal and regulatory developments under Luxembourg and EU law and upcoming changes.
Read More_
Intellectual property rights over software – recent case
The Court of Cassation confirmed in a recent decision that it is not possible to transfer rights over software without clear and precise provision in ...
Read More_
Back to 2022 – Forward to 2023
An overview of the major recent legal and regulatory developments under Luxembourg and EU law and upcoming changes.
Read More_
Cyberattaque - Aspects juridiques et interaction entre l’avocat et les différentes parties prenant...
Webinar - How GDPR helps you master your KYC digital risk
Midi de l'entreprise : Violation de données à caractère personnel : Comment réagir ?
GDPR and the Luxembourg fund industry, a pragmatic approach - 08/03/2018 - Luxembourg
Les midis de l'entreprise – General Data Protection Regulation ("GDPR") – What impact on my busine...

Would you like to configure your browsing experience at

Let us know your profile and favourite topics


Banks & Financial Institutions and Insurance


Private Clients
Public Sector

UCITS / Liquid Alts

Private Debt
Private Equity
Real Estate