The National Commission for Data Protection (“Commission Nationale pour la Protection des Données” “CNPD”) has published new decisions  pronouncing substantial fines and/or corrective measures for non-compliance with the provisions of the GDPR . Below, you will find a summary of the latest breaches and sanctions pronounced by the regulatory authority:
Decisions taken by the regulatory authority may be appealed within three months of their notification to the company. The appeal must be brought before the Administrative Court and must be submitted through a qualified lawyer (“Avocat à la Cour”).
The “Data Protection” Department deals with compliance, data protection infringement proceedings and possible appeals against decisions taken against the company.
 Decisions taken by the CNPD are available under the following address: https://cnpd.public.lu/fr/decisions-sanctions.html.
 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.