Unpacking compliance, security and AI.
Our DPOs and CISOs regularly share their take on regulatory and technical news here: new CNPD guidelines, notable sanctions, lessons learned from incidents, and developments on the AI Act, NIS 2 and DORA. The aim is to go beyond the press release.
Expertise Luxgap · #rgpd
CNPD — Workplace video surveillance: proportionality, DPIA and employee rights
Workplace cameras are allowed in Luxembourg, but under strict rules: legal basis, proportionality, frequent DPIA, L.261‑1 information duties and employee rights. Document everything, camera by camera.
GDPR – Article 28: the watertight processor contract
In 2026, every DPO/CISO must bulletproof processor contracts. Mandatory clauses, EDPB/CNPD guidance, and a practical audit playbook for a watertight Article 28.
NIS 2 in Luxembourg: Law of 5 May 2026 published—what to do before 10 May
Luxembourg’s law transposing NIS 2 was published on 5 May 2026 and enters into force on 10 May. Broader scope, stronger governance, incident reporting within 24 h/72 h to ILR via SERIMA. Priority actions and official sources.
AI Act – Article 50: transparency for chatbots and deepfakes by 2026
From 2 August 2026, any AI interaction, synthetic content, and any emotion recognition/biometric categorization system must be disclosed. Fines up to €15M or 3% of global turnover.
GDPR Art. 33: Notify CNPD of a breach within 72h—without panic
Practical method, based on official texts and CNPD guidance, to decide, notify, and document a personal data breach within 72 hours.
EU‑US data transfers after Schrems II and the DPF: CNPD expectations 2026
Secure transatlantic flows without over‑compliance: the DPF eases transfers to certified US entities, but Article 46 and supplementary measures remain key outside the DPF. Prioritize vendor governance and DPIA documentation.
CNPD: recording business meetings and conversations in GDPR compliance
In 2026, Luxembourg’s CNPD frames audio/video recording of private meetings. Legal basis, transparency and retention are critical; recordings often must be deleted once the minutes are approved.