On 18 September 2019, Luxembourg’s National Commission for Data Protection (Commission nationale pour la protection des données, or « CNPD ») published its French-language 2018 annual report. The numbers on complaints are no surprise. Since the entry into force of the GDPR on 25 May 2018, they increased by 125%, almost by 250 complaints, in 2018 alone.

The CNPD prepared a chart showing the various reasons for the complaints which you can see below.

In addition to reinforcing your security measures, our recommendations are:

  • Make sure to put retention periods into place (you can consult our suggestion table here);
  • Implement a procedure to respond to requests to exercise rights from concerned persons;
  • Clarify your management of image rights because there is much confusion with them and the regulation of personal data protection; and
  • Comply with the legal requirements concerning sending unsolicited emails for which no consent has been granted.

Reminder: the keeping of a register of processing operations is in practice an obligation for all entities, regardless of the number of employees. Establish one and keep it up to date as much as possible to know what you do, why you do it and ensure that you have the right to the carry out the listed processing operations.

For more details, you can consult the report here.

Our Digital team is available to assist you with updating your GDPR procedures.