On 1 August 2018, the Luxembourg law implementing and complementing the EU General Data Protection Regulation or GDPR (Regulation No 2016/679) was adopted and published. Since the GDPR is a European regulation, its provisions have been directly applicable in Luxembourg as from 25 May 2018.
However, the Member States were left a number of ‘implementation’ options. Luxembourg has made use of some of these options, in particular concerning the organisation of the Luxembourg data protection authority (CNPD), including its administrative sanctioning powers, and the introduction of more specific material provisions on processing of health data and processing of personal data for journalistic, research and monitoring in a working relationship purposes. The Luxembourg GDPR Law...
|