Credit: CNPD 2017 Activity Report

The National Commission for Data Protection (CNPD) organised 281 meetings with actors from the private and public sectors on the new data protection rules last year.

Indeed, the year 2017 marked the transition to the new general regulation on data protection or "RGPD", applicable since May 25, 2018. As such, the CNPD was on hand to answer many questions on the matter from companies, governments and associations. The European regulation was completed at the national level by the law of 1 August 2018.

According to the CNPD’s new activity report for 2017, the main change associated with these rules is that organisations will no longer have to submit a notification or a request for prior authorisation to process personal data. On the other hand, they will have to verify themselves the legality of their treatments and put the appropriate safeguards in place to protect the persons concerned. The effectiveness of the measures taken will be monitored by the CNPD with the possibility of imposing sanctions in case of violation.

To help organisations in their compliance efforts, the CNPD has developed a tool to verify the level of maturity in terms of data protection: the "GDPR Compliance Support Tool" available at https: //cst.cnpd.lu. In addition, the CNPD has collaborated actively with associations, federations, groups or other bodies representing a multitude of sectors of activity to help them better understand their obligations.

In addition, several introductory data protection training sessions were held in order to familiarise those interested with the basic basics, as well as specific information sessions on the GDPR on 18 and 19 October 2017 which attracted more than 500 participants.