On August 1st, 2018 the Luxembourg government adopted two new data protection laws implementing the General Data Protection Regulation (Regulation (EU) 2016/679 – the “GDPR”).

  • The first law (the Luxembourg Data Protection Law) defines the organisation of the Luxembourg data protection authority (the CNPD) and provides for specific requirements or exceptions in implementation of the GDPR;
  • The second law (the Luxembourg Law on Criminal Data Processing) specifically relates to the protection of individuals with regard to the processing of personal data in criminal matters and national security.