Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation)
Luxembourg's Law of 1 August 2018 organising the National Commission for Data Protection (CNPD) and supplements the GDPR with national provisions. The Commission Nationale pour la Protection des Données (CNPD) oversees enforcement. Luxembourg is significant as the EU establishment of many major tech companies (Amazon, PayPal, Skype). The law includes provisions for the age of digital consent (16 years), processing by the public sector, research derogations, and employee data. CNPD has jurisdiction over major data controllers established in Luxembourg.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (8)
Cross-Border + EEA + Adequacy + SCC + Financial
| Code | Title |
|---|---|
| LU-LDP-Cross-Border-International-Transfer-LU-DPA-Transfers-EEA-Schrems-2021-SCC-Financial-Sector | Luxembourg LDP Cross-Border + LU-DPA-Transfers + EEA + Adequacy + SCC |
DPO + ROPA + DPIA + Codes + Articles 4 + 9 + 50 + 69
| Code | Title |
|---|---|
| LU-LDP-Governance-DPO-Article-50-ROPA-DPIA-Codes-Article-69-CNPD-Article-4-9-Investigatory-Powers | Luxembourg LDP DPO + ROPA + DPIA + Codes + Articles 4 + 9 + 50 + 69 |
Enforcement + Article 43 Public Sector + Fines + CNPD
| Code | Title |
|---|---|
| LU-LDP-Enforcement-Sanctions-Article-43-Public-Sector-Cap-Administrative-Fines-CNPD-Article-9-Powers | Luxembourg LDP Enforcement + Article 43 Public Sector Cap + Administrative Fines + CNPD |
Multilingual + Marketing + Cookies
| Code | Title |
|---|---|
| LU-LDP-Multilingual-Information-Communication-Marketing-Cookies-Direct-LU-DPA-Multilingual-Marketing | Luxembourg LDP Multilingual + Marketing + Cookies + Multilingual Information Communication |
Scope + Chambre des Deputes + CNPD + GDPR
| Code | Title |
|---|---|
| LU-LDP-Scope-Chambre-Deputes-1-August-2018-Effective-20-August-2018-CNPD-GDPR-Implementation-Constitutional | Luxembourg LDP Scope + Chambre des Deputes + 1 August 2018 + CNPD + GDPR Implementation |
Security + Breach + CNPD + CSSF + 72-Hour
| Code | Title |
|---|---|
| LU-LDP-Security-Breach-Notification-LU-DPA-Breach-CNPD-72-Hour-CSSF-Financial-Sector-CAA-CIRCL | Luxembourg LDP Security + Breach + LU-DPA-Breach + CNPD + CSSF + 72-Hour |
Subject Rights + Article 72 + Financial CSSF
| Code | Title |
|---|---|
| LU-LDP-Data-Subject-Rights-Restrictions-Article-72-National-Interest-Financial-CSSF-Supervision | Luxembourg LDP Subject Rights + Article 72 Restrictions + National Interest + CSSF |
Workplace + Whistleblowing + Journalism + Articles 52-67
| Code | Title |
|---|---|
| LU-LDP-Sensitive-Workplace-Surveillance-Article-63-Scientific-Article-65-Whistleblowing-Article-67-Journalism-Article-52 | Luxembourg LDP Workplace + Scientific + Whistleblowing + Journalism + Articles 52-67 |
Frequently Asked Questions
What is Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation)?
Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) is a compliance framework from Luxembourg with 8 domains and 8 controls. Luxembourg's Law of 1 August 2018 organising the National Commission for Data Protection (CNPD) and supplements the GDPR with national provisions. The Commission Nationale pour la Protection des Données (CNPD) oversees enforcement. Luxembourg is significant as the EU establishment of many major tech companies (Amazon, PayPal, Skype). The law includes provisions for the age of digital consent (16 years), processing by the public sector, research derogations, and employee data. CNPD has jurisdiction over major data controllers established in Luxembourg. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) have?
Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) has 8 controls organised across 8 domains. The largest domains are Cross-Border + EEA + Adequacy + SCC + Financial (1 controls), DPO + ROPA + DPIA + Codes + Articles 4 + 9 + 50 + 69 (1 controls), Enforcement + Article 43 Public Sector + Fines + CNPD (1 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) map to?
Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) compliance?
Start your Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Luxembourg Law of 1 August 2018 on Data Protection (GDPR Implementation) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 8 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 718 frameworks.
Get Started Free →Free forever — no credit card required