CNPD’s action plan: what is its position?

On 1 May 2020, the National Commission for Data Protection (CNPD) published its strategy and work program for 2020-2022. This document defines the main guiding principles for the CNPD’s actions until 2022. It is completed with an annual work program.

The CNPD established the goal of promoting awareness of and communicating on data protection. It will be fulfilled by thematic investigations, such as that carried out on DPOs, the report of which should be made public during 2021, and by the adoption of new guidelines. These guidelines will cover various topics: geolocation, international data transfer, Brexit, data breaches, processing of human resource data as well as the updating of previously published topics such as video surveillance.

Furthermore, the public health context and the Schrems II judgment will render the CNPD more vigilant with respect to data transfers to third countries. With respect to us, we are increasing our attention on websites, especially as concerns the use of cookies.

While these issues may guide its enforcement efforts during the coming months, they should not cause you to neglect your general coming into general compliance as we note several inspections have been carried out following the complaint of a competitor, a salaried employee or an unhappy customer.

These inspections cover the requirements for DPOs and data subject information. The sanctions will arrive in the weeks to come. It is to be hoped that the CNPD will remain a balanced partner for the country’s data protection strategy and allow large international groups to develop in Luxembourg in compliance with its legislation.