Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.
41 articles found · Veille Luxgap
CSSF: requirements of the review on illiquid asset valuation
On 4 June 2026, the CSSF released a feedback report on illiquid asset valuation at IFMs. It requires immediate benchmarking of practices and documented corrective measures.
ICO recovers £118,852 from two former RAC employees
On 4 June 2026, the ICO secured confiscation orders totaling £118,852.32 against two former RAC employees for illegally selling nearly 30,000 lines of motorists’ data, underscoring increased post-conviction use of POCA powers.
WFP Gaza: warning for your enrollment portals (600,000 households)
On 2 June 2026, the WFP confirmed its self‑registration app in Palestine was compromised: data of ~600,000 Gaza households (names, IDs, mobiles, location) exfiltrated. Breach dated 14 May.
Dashlane: fewer than 20 vaults copied — lessons from a 2FA attack
On May 31, 2026, a brute-force campaign targeting 2FA allowed attackers to copy encrypted Dashlane vaults from “fewer than 20” users. Here’s what this means for your IAM controls and GDPR/NIS 2 obligations.
AEPD fines Amadeus €14.4M for traveler profiling without legal basis
Spain’s AEPD fined Amadeus IT Group €14.4M (reduced from €18M) for a traveler profiling pilot using booking data without a lawful basis and without informing travelers. Decision made public on May 26–27, 2026.
AI Act: 3 days to respond — EU consultation on transparency
The European Commission closes its consultation on transparency guidelines (Article 50 AI Act) on 3 June 2026. Last call to finalize your “AI” notices and labelling of synthetic content.
CNIL updates MR‑001/MR‑003: an operational playbook (26/05)
The CNIL updates MR‑001 and MR‑003 and releases compliance checklists. Immediate effect for health research conducted in France, impacting Luxembourg sponsors when French patients or sites are involved.
Luxgap and LuxApps at Nexus Luxembourg 2026: compliant and secure AI business applications
On 10-11 June 2026 at Luxexpo The Box, Luxgap and LuxApps are at Nexus Luxembourg. Joint booth with demos of DPO Assist, KYC AML, Third Party Register, LuxApps HRIS. Conference talk on developing AI-boosted business applications, compliant and secure.
External DPO France: why choose a Luxembourg firm recognised across Europe
French company looking for an external DPO? Discover the advantage of a Luxembourg European-scale firm: multi-regulator knowledge (CNIL, CNPD, APD, BfDI, AEPD, Garante), pluridisciplinary team, lower cost than Parisian firms.
CNIL 2025 report: EUR 487M in fines, 1 breach in 2 = hacking, key takeaways
CNIL 2025 annual report: 20,150 complaints (record), EUR 487M in fines (including Google EUR 325M and Shein EUR 150M), 1 breach in 2 results from hacking. The real signal for 2026 and 4 concrete actions for DPO and CISO.
External DPO: 7 lessons from 200+ mandates in Luxembourg and Europe
200+ external DPO mandates across all sectors: the 7 recurring findings we make on takeover, and how Luxgap puts things in order. Concrete pricing, sector examples, what really changes.
NIS 2 audit: method, pitfalls and quality criteria for measures
7-phase NIS 2 audit method, the 5 most common pitfalls, and the 6-criteria grid to distinguish a real SOC from a marketing product. For the 1,200+ Luxembourg entities concerned.