Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Luxembourg: CNPD adopts first ever GDPR certification mechanism
The National Commission for Data Protection ('CNPD') announced, on 8 June 2022, that it had adopted, on 13 May 2022, its certification mechanism, the General Data Protection Regulation (Regulation (EU) 2016/679) Certified Assurance Report-based Processing Activities ('GDPR-CARPA'), making it the first certification mechanism to be adopted on a national and international level under the GDPR. In particular, the CNPD highlights that following the adoption of the GDPR-CARPA, companies, public authorities, associations, and other organisations established in Luxembourg now have the possibility to demonstrate that their data processing activities comply with the GDPR.
In addition, the CNPD outlined that the implementation of a certification mechanism can promote transparency and compliance to the GDPR, and allow data subjects to better gauge the degree of protection offered by products, services, processes, or systems used or offered by the organisations that process their personal data. However, the CNPD underlined that the GDPR-CARPA does not certify an organisation but rather specific processing operations.
You can read the press release here, the CNPD decision on the adoption of the GDPR-CARPA here, and further information on the GDPR-CARPA certification mechanism here, all only available in French.