Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Luxembourg: CNPD issues €15,000 fine to company for failures regarding DPO function

The Luxembourg data protection authority ('CNPD') issued, on 1 July 2021, its decision, of 11 June 2021, whereby it issued a fine of €15,000 to a company for violations of Articles 38(1), 38(3), 39(1)(a), and 39(1)(b) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), as part of its focus on investigations into the function of the data protection officer ('DPO'). In particular, the CNPD required the company to remedy its violations of Articles 38(1), 38(3), 39(1)(a), and 39(1)(b) of the GDPR within four months following the notification of the decision and imposed the €15,000 fine. Specifically, the decision requires the company to ensure the formalised and documented inclusion of the DPO in all matters related to data protection, to ensure the implementation and maintenance of a formal mechanism guaranteeing the independence of the DPO, ensuring the formal and documented roll-out of the DPO's responsibility of carrying out audits, and ensure that the DPO exercises, in a formal and documented manner, its responsibility to inform and advise the data controller.

You can read the decision, only available in French, here.