Publication Of The First Bill Of Law Complementing The European General Data Protection Regulation

The first bill of law complementing the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC ("GDPR") was issued on 12 September 2017 (the "Bill of Law").

In spite of its direct effect, the GDPR, which will apply to all the EU Member States as of 25 May 2018, gives the Member States a certain flexibility to take additional local provisions. The Bill of Law was issued in this context.

The current Luxembourgish legal framework regarding the protection of personal data, based on the transposition of the European Directive 1995/46/CE of 24 October 1995, mainly relies upon the amended law of 2 August 2002 concerning the protection of individuals with regard to the processing of personal data (the "Law of 2002").

However, the fast evolution, since 1995, of information and communication technologies has given rise to new concerns with regard to the processing of personal data and the protection of privacy in a global environment.

Therefore, with the ever-growing concern of preserving the protection of the EU citizens' personal data, the European Commission initiated in 2012 a reform to adapt European rules to the issues raised by the globalization of communications and the evolution of technologies. This reform, conducted under the Luxembourgish Presidency, led to the adoption of the GDPR and the Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data.

Given the direct effect and wide scope of the GDPR, few room was left to EU Member States to supplement it using local legislations.

In this regard, the Bill of Law completes the GDPR by:

Adapting the Luxembourgish data protection supervisory authority to the requirements of the GDPR. Such authority remains the Commission Nationale pour la Protection des Données (the "CNPD"), but acquires new powers in order to carry out the missions defined under the GDPR (I), and; Providing specific provisions on aspects for which the GDPR required the adoption of complementary national legislations (II). I.The...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT