Specific legal and regulatory provisions must be respected by organisations. These provisions cover respect for privacy, copyright, and regulatory provisions specific to each activity sector (See also legal aspects).
The Luxembourg Law of 2 August 2002 on the protection of individuals in respect of the processing of personal data aims to: ‘protect the fundamental freedoms and rights of physical persons […] with regard to the processing of data of a personal nature’.
It also establishes the National Commission for Data Protection (Commission nationale à la protection des données ou CNPD – http://www.cnpd.lu) ‘responsible for ensuring […] that the data subject to processing […] complies with […] this Law’. All organisations in Luxembourg are subject to this law and must respect it.
For example, the processing of personal data must, in certain cases, receive prior authorisation from the CNPD.
Furthermore, since the introduction of the GDPR in Luxembourg, it is important to be even more careful when handling personal data.You should, therefore, ensure that:
The Law of 18 April 2004 on copyright, related rights, databases and patents includes ‘computer programs’ and ‘databases’ within its framework. To be able to use these legally, an end-user licence agreement must be provided with the software. This user licence must be valid for the period of use. Different types of licence exist: postal, global, rental, free, etc.
You, therefore, need to:
An organisation may be asked, by its partners or by the legal system, to prove or disprove its actions. This particularly concerns email communications and those with commercial or legal pertinence (e-business transactions, financial orders, etc.).
It is, therefore, important to:
Depending on its nature, an organisation may be subject to specific regulations that require to take special security measures. Examples of regulations:
It is, therefore, important to