Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, incident lessons learned, evolutions on the AI Act, NIS 2 and DORA. To go beyond the press release.
5 articles found · #cnpd
CNPD — Workplace video surveillance: proportionality, DPIA and employee rights
Workplace cameras are allowed in Luxembourg, but under strict rules: legal basis, proportionality, frequent DPIA, L.261‑1 information duties and employee rights. Document everything, camera by camera.
GDPR – Article 28: the watertight processor contract
In 2026, every DPO/CISO must bulletproof processor contracts. Mandatory clauses, EDPB/CNPD guidance, and a practical audit playbook for a watertight Article 28.
GDPR Art. 33: Notify CNPD of a breach within 72h—without panic
Practical method, based on official texts and CNPD guidance, to decide, notify, and document a personal data breach within 72 hours.
EU‑US data transfers after Schrems II and the DPF: CNPD expectations 2026
Secure transatlantic flows without over‑compliance: the DPF eases transfers to certified US entities, but Article 46 and supplementary measures remain key outside the DPF. Prioritize vendor governance and DPIA documentation.
CNPD: recording business meetings and conversations in GDPR compliance
In 2026, Luxembourg’s CNPD frames audio/video recording of private meetings. Legal basis, transparency and retention are critical; recordings often must be deleted once the minutes are approved.
