Luxembourg legislative proposal implementing and complementing GDPR
The Member States in Luxembourg have numerous options when it comes to implementing the General Data Protection Regulation (GDPR) and recently submitted a new bill to parliament that seeks to abolish the Act of Aug. 2, 2002 on the Protection of Persons with regard to the Processing of Personal Data.
The bill designates the current data protection authority - the CNPD - as the competent authority for enforcement of the GDPR and increases the number of effective members from three to four. It also focuses on investigation and enforcement, and an internal separation between investigation and decision-making powers.
Clarification is offered regarding the GDPR 's fines and includes administrative fees to public authorities, and penalties to compel compliance with CNPD decisions. Specific provisions for journalistic-, research- and healthcare-related data processing also will apply.