Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Luxembourg: CNPD adopts first ever GDPR certification mechanism

The National Commission for Data Protection ('CNPD') announced, on 8 June 2022, that it had adopted, on 13 May 2022, its certification mechanism, the General Data Protection Regulation (Regulation (EU) 2016/679) Certified Assurance Report-based Processing Activities ('GDPR-CARPA'), making it the first certification mechanism to be adopted on a national and international level under the GDPR. In particular, the CNPD highlights that following the adoption of the GDPR-CARPA, companies, public authorities, associations, and other organisations established in Luxembourg now have the possibility to demonstrate that their data processing activities comply with the GDPR.

In addition, the CNPD outlined that the implementation of a certification mechanism can promote transparency and compliance to the GDPR, and allow data subjects to better gauge the degree of protection offered by products, services, processes, or systems used or offered by the organisations that process their personal data. However, the CNPD underlined that the GDPR-CARPA does not certify an organisation but rather specific processing operations.

You can read the press release here, the CNPD decision on the adoption of the GDPR-CARPA here, and further information on the GDPR-CARPA certification mechanism here, all only available in French.