Séances d’information CNPD 18-10-2017 & 19-10-2017

Les présentations sont en ligne:   / The presentations are online: https://cnpd.public.lu/fr/actualites/national/2017/10/seances-info-GDPR.html Article 29 Working Party Guidelines On October 18, the Article 29 Working Party released its draft of “Guidelines on Personal data breach notification under Regulation 2016/679”and  “ Guidelines on Automated individual decision-making and Profiling for the Purpose of Regulation 2016/679”. The guidelines are not final yet and stakeholders may comment on these guidelines until November 28.

Lignes directrices du groupe de travail «Article 29» Le 18 octobre, le groupe de travail «Article 29» a publié son projet de «Directives sur la notification des violations de données personnelles conformément au règlement 2016/679» et «Lignes directrices sur la prise de décision individuelle automatisée et le profilage aux fins du règlement 2016/679». Les lignes directrices ne sont pas encore finalisées et les intervenants peuvent les commenter  jusqu’au 28 novembre.

Judgment C-73/16 of the European Court of Justice: processing of personal data, tax collection and fight against tax fraud

We would like to inform you on judgment C-73/16 of the Court of justice of the European Union dated 27 September 2017 and pertaining notably to tax collection, tax fraud, the protection of fundamental rights and freedoms, as well as the legitimacy of a processing carried on by authorities in the public interest.

(see: http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:62016CJ0073&qid=1506511807587&from=EN)

The judgment can be briefly summarised as follows: believing himself to be a victim of an infringement of his rights relating to personality by the inclusion of his name on a contested list, Mr Pu?kár applied to the Supreme Court of the Slovak Republic by an action followed by an appeal, to order the Finance Directorate, all tax offices under its control and the Financial Administration Criminal Office not to include his name on the contested list or any other similar list and to delete any reference to him from those lists and from the finance authority’s IT system. According to Mr Pu?kár, the Finance Directorate and the Financial Administration Criminal Office have drawn up and are using a contested list of natural persons, which the public authorities refer to by the expression ‘biele kone’ (‘white horses’). That expression is used for persons acting as ‘fronts’ in company director roles.

The Court in particular rules that article 7(e) of the Directive 95/46 must be interpreted as not precluding the processing of personal data by the authorities of a Member State for the purpose of collecting tax and combating tax fraud such as that effected by drawing up of a list of persons such as that at issue in the main proceedings, without the consent of the data subjects, provided that, first, those authorities were invested by the national legislation with tasks carried out in the public interest within the meaning of that article, that the drawing-up of that list and the inclusion on it of the names of the data subjects in fact be adequate and necessary for the attainment of the objectives pursued and that there be sufficient indications to assume that the data subjects are rightly included in that list and, second, that all of the conditions for the lawfulness of that processing of personal data imposed by Directive 95/46 be satisfied.

Conférence de la Chambre de Commerce du Luxembourg


Conférence GDPR organisée par l’ILAC

L’ILAC a le plaisir de vous inviter à une formation sur le thème:

Impact de la GDPR sur les entreprises d’assurance


Christophe Buschmann – Data Protection Commissioner CNPD
Dan Chelly, Senior Partner – Optimind Winter
Sanaa Nouiri, Manager Risk Management – Optimind Winter

La formation aura lieu mardi, le 17 octobre 2017 de 14.00 à 17.00 au Cercle
Cité (Auditorium) à Luxembourg-Ville. Elle est ouverte à toute personne
intéressée par le sujet. Pour plus de détails veuillez consulter
l’invitation en annexe.

L’inscription peut être faite via le lien suivant:




Rapport CNPD & Projet de loi

La CNPD a publié son rapport d’activités 2016

Dépot du projet de loi portant création de la Commission nationale pour la protection des données et la mise en oeuvre du règlement (UE)

«Une bonne nouvelle pour la vie privée»

La Commission nationale pour la protection des données salue l’arrêt sur la surveillance des communications électroniques au travail rendu mardi par la Cour européenne des droits de l’Homme.


La CEDH épingle la surveillance électronique


CNPD published its GDPR preparation guide


New compliance tool supporting organisations with regard to the new data protection scheme

The annual general meeting of the data protection association ‘Association pour la Protection des Données au Luxembourg’ (APDL) held on 14 June 2017 provided an opportunity for the national data protection commission (Commission Nationale pour la Protection des Données – CNPD) and the Luxembourg Institute of Science and Technology (LIST) to present a Compliance Support Tool for the general rules on data protection that they have drawn up together, with support from Digital Lëtzebuerg.

The new data protection scheme, which comes into force on 25 May 2018, requires all stakeholders to achieve compliance as quickly as possible. To support the stakeholders in their task of incorporating the provisions of the general rules on data protection in their in-house policies, the CNPD decided to work with the LIST, with support from Digital Lëtzebuerg, on developing a Compliance Support Tool. A tool of this kind is a contribution to the Grand Duchy’s aim of digitising and simplifying procedures, particularly those concerning compliance with the present and future framework of regulations.

The aim of the Compliance Support Tool is to draw up an innovative, intuitive solution enabling users to check the level of maturity of their organisations. The tool will allow users not only to manage a processing register, together with all the other documents necessary for demonstrating their responsibility, but also to monitor the evolution of the level of maturity of their organisations.

The first stage in devising the Compliance Support Tool consisted of developing a test version. To be close to the needs of the various sectors, this version was drawn up jointly with stakeholders active in the fields of health and finance. It was this test version that was presented at the APDL’s annual general meeting, marking both completion of the first stage of the project and the start of the second stage. This second stage, which is expected to last three months, involves a number of companies using the first version of the tool under real-life conditions. The decision to launch the test version of the tool was made in order to confront it as early as possible with the realities of organisations, so that any necessary adjustments can be made to ensure the pertinence of the tool.

With the support of Digital Lëtzebuerg, the CNPD and the LIST are looking for organisations interested in taking part in testing the tool. If you have any further questions, please contact us by e mail at regtech@cnpd.lu.