Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.

80 articles found · #luxembourg

Instructure/Canvas: 275M users at risk — 24/7 SOC to meet NIS2 Art. 23

ShinyHunters breached Instructure/Canvas, threatening up to 275M records. How a managed SOC/SIEM enables 24h qualification and ILR notification under NIS2 Art. 23.

Health data: €5M fine against IQVIA — what GDPR Article 9 really requires

On May 26, 2026, the CNIL fined IQVIA €5M over shortcomings in its health data warehouses. The case illustrates GDPR Article 9’s general prohibition and the strict conditions of its exceptions.

ENISA 2026: Exercise Methodology to Operationalize DORA Article 24

ENISA releases a cybersecurity exercise methodology with ready-to-use kits. In practice: DORA Article 24–aligned tabletop tests to speed decision-making and reduce ransomware impact.

FlowerStorm (KrakVM) evades email filters and the NIS 2 stakes

The FlowerStorm phishing kit runs obfuscated JavaScript in KrakVM to intercept MFA. Here is how an email gateway, DMARC/SPF/DKIM, and a 24/7 SOC help meet NIS 2 in Luxembourg.

CSSF — Circular 25/893: tightened ICT alerting and reporting under DORA

The CSSF tightens ICT incident classification and notification under DORA via eDesk. Here is how an EDR/XDR stack enables timely detection, qualification, and reporting with harmonized deadlines.

France Travail fined: key lessons from GDPR Article 32

On 22 January 2026, the CNIL fined France Travail €5M for weaknesses in authentication, logging and access rights. In Luxembourg, GDPR Article 32 requires appropriate, demonstrably effective security measures.

CNPD — Vehicle geolocation: what the 2023–2025 guidance requires

The CNPD updated its vehicle geolocation guidance. Key points: structured legitimate interest, purpose limitation, off-duty deactivation, dual transparency and DPIA.

Luxgap and LuxApps at Nexus Luxembourg 2026: compliant and secure AI business applications

On 10-11 June 2026 at Luxexpo The Box, Luxgap and LuxApps are at Nexus Luxembourg. Joint booth with demos of DPO Assist, KYC AML, Third Party Register, LuxApps HRIS. Conference talk on developing AI-boosted business applications, compliant and secure.

External DPO France: why choose a Luxembourg firm recognised across Europe

French company looking for an external DPO? Discover the advantage of a Luxembourg European-scale firm: multi-regulator knowledge (CNIL, CNPD, APD, BfDI, AEPD, Garante), pluridisciplinary team, lower cost than Parisian firms.

Foxconn hit by Nitrogen: 8 TB stolen, plants slowed — SOC/NIS 2 in 24h

Ransomware group “Nitrogen” claims 8 TB and 11M+ files stolen at Foxconn, disrupting North American plants. In Europe, a managed SOC/SIEM is key to detect fast and notify the ILR within 24h (NIS 2, Art. 23).

CNIL 2025 report: EUR 487M in fines, 1 breach in 2 = hacking, key takeaways

CNIL 2025 annual report: 20,150 complaints (record), EUR 487M in fines (including Google EUR 325M and Shein EUR 150M), 1 breach in 2 results from hacking. The real signal for 2026 and 4 concrete actions for DPO and CISO.

External DPO: 7 lessons from 200+ mandates in Luxembourg and Europe

200+ external DPO mandates across all sectors: the 7 recurring findings we make on takeover, and how Luxgap puts things in order. Concrete pricing, sector examples, what really changes.

← Newer Page 5 / 7 Older →