Articles, by our experts

Unpacking compliance, security and AI.

Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.

65 articles found · #reglementaire

GDPR Art. 33: Notify CNPD of a breach within 72h—without panic

Practical method, based on official texts and CNPD guidance, to decide, notify, and document a personal data breach within 72 hours.

EU‑US data transfers after Schrems II and the DPF: CNPD expectations 2026

Secure transatlantic flows without over‑compliance: the DPF eases transfers to certified US entities, but Article 46 and supplementary measures remain key outside the DPF. Prioritize vendor governance and DPIA documentation.

NIS 2 in Luxembourg: how to notify ILR within 24h/72h/1 month

NIS 2 requires an early warning within 24h, a formal notification at 72h, and a final report within 1 month. In Luxembourg, ILR and the national CSIRT (CIRCL) are your key contacts.

DORA Article 28: the 'ICT dependencies register' expected by the CSSF

Since 17 January 2025, all financial entities subject to DORA must keep a structured register of their ICT contracts. The CSSF has specified the timeline and submission modalities in Luxembourg.

CNPD: recording business meetings and conversations in GDPR compliance

In 2026, Luxembourg’s CNPD frames audio/video recording of private meetings. Legal basis, transparency and retention are critical; recordings often must be deleted once the minutes are approved.

← Newer Page 6 / 6