Luxembourg in a nutshell. Everything interesting related to Luxembourg in French, English, German and Luxembourgish. We Luxembourgers are multilingual ;-)
The national commission for data protection has become the first data protection authority in Europe to accredit a GDPR certification body.
On 12 October, Luxembourg’s national commission for data protection accredited the entity EY PFS Solutions via its certification mechanism, GDPR-CARPA (General Data Protection Regulation-Certified Assurance Report-Based Processing Activities). The mechanism is the first to be adopted on a national and international level under the GDPR. Accreditation criteria are based on audits and quality control.
Thanks to the accreditation, EY PFS Solutions can now issue GDPR certifications for five years.
The national commission for data protection has become the first data protection authority in Europe to accredit a GDPR certification body.
On 12 October, Luxembourg’s national commission for data protection accredited the entity EY PFS Solutions via its certification mechanism, GDPR-CARPA (General Data Protection Regulation-Certified Assurance Report-Based Processing Activities). The mechanism is the first to be adopted on a national and international level under the GDPR. Accreditation criteria are based on audits and quality control.
Thanks to the accreditation, EY PFS Solutions can now issue GDPR certifications for five years.
Avec la digitalisation de la société, de plus en plus d’entreprises, administrations publiques, associations et autres professionnels peuvent être amenés à collecter, échanger et traiter des données à caractère personnel.
Or, les organismes qui utilisent ces données seront soumis à des règles encore plus strictes à compter du vendredi 25 mai, et cela à travers toute l’Union européenne.
Des traitements tels que la vidéosurveillance, la géolocalisation, la gestion des ressources humaines (conservation des CV, par exemple), la biométrie ou encore le transfert vers des pays tiers vont tous devoir se faire dans le respect de ces règles.
Un séminaire organisé par le CNPD Afin de respecter les droits des citoyens et leurs propres obligations, il est important que les acteurs (intéressés, responsables de traitement, sous-traitants…) comprennent la protection des données.
«L’objectif du RGPD est double. D’une part, il vise à redonner le contrôle sur les données qu’il partage au particulier. D’autre part, il doit permettre de faire circuler les données au sein de l’UE», explique la présidente de la Commission nationale de protection des données (CNPD), Tine Larsen.
Avec la digitalisation de la société, de plus en plus d’entreprises, administrations publiques, associations et autres professionnels peuvent être amenés à collecter, échanger et traiter des données à caractère personnel.
Or, les organismes qui utilisent ces données seront soumis à des règles encore plus strictes à compter du vendredi 25 mai, et cela à travers toute l’Union européenne.
Des traitements tels que la vidéosurveillance, la géolocalisation, la gestion des ressources humaines (conservation des CV, par exemple), la biométrie ou encore le transfert vers des pays tiers vont tous devoir se faire dans le respect de ces règles.
Un séminaire organisé par le CNPD Afin de respecter les droits des citoyens et leurs propres obligations, il est important que les acteurs (intéressés, responsables de traitement, sous-traitants…) comprennent la protection des données.
«L’objectif du RGPD est double. D’une part, il vise à redonner le contrôle sur les données qu’il partage au particulier. D’autre part, il doit permettre de faire circuler les données au sein de l’UE», explique la présidente de la Commission nationale de protection des données (CNPD), Tine Larsen.
À l’heure actuelle, le service de Christophe Buschmann compte cinq personnes, qui pourront s’appuyer sur la vingtaine d’experts sectoriels que compte la CNPD. Mais les effectifs vont augmenter. «Des recrutements d’auditeurs sont en cours, assure-t-il. Nous sommes en train de définir les derniers détails de la méthodologie que nous appliquerons, mais nous veillerons à être très professionnels pour transmettre un sentiment de confiance.» Créée en 2002 suite à la transposition dans la loi de la directive européenne sur la protection des données, la CNPD va devenir une institution-clé de l’État à partir du 25 mai. Il y a trois ans, elle comptait une quinzaine de collaborateurs. Il est prévu qu’ils soient 35 d’ici la fin de l’année et 49 en 2020. Des effectifs qui vont crescendo pour des contrôles qui seront de plus en plus nombreux au fil des ans. Pour l’année 2018, seulement 25 audits sont prévus par la CNPD. «Cela ne veut pas dire que nous n’effectuerons que 25 contrôles, tient à préciser Tine A. Larsen. Nous utiliserons des approches à la fois thématiques et sectorielles. Nous viserons donc à chaque fois plusieurs entreprises.»
À l’heure actuelle, le service de Christophe Buschmann compte cinq personnes, qui pourront s’appuyer sur la vingtaine d’experts sectoriels que compte la CNPD. Mais les effectifs vont augmenter. «Des recrutements d’auditeurs sont en cours, assure-t-il. Nous sommes en train de définir les derniers détails de la méthodologie que nous appliquerons, mais nous veillerons à être très professionnels pour transmettre un sentiment de confiance.» Créée en 2002 suite à la transposition dans la loi de la directive européenne sur la protection des données, la CNPD va devenir une institution-clé de l’État à partir du 25 mai. Il y a trois ans, elle comptait une quinzaine de collaborateurs. Il est prévu qu’ils soient 35 d’ici la fin de l’année et 49 en 2020. Des effectifs qui vont crescendo pour des contrôles qui seront de plus en plus nombreux au fil des ans. Pour l’année 2018, seulement 25 audits sont prévus par la CNPD. «Cela ne veut pas dire que nous n’effectuerons que 25 contrôles, tient à préciser Tine A. Larsen. Nous utiliserons des approches à la fois thématiques et sectorielles. Nous viserons donc à chaque fois plusieurs entreprises.»
Avec l’arrivée du GDPR, cette vidéo de sensibilisation permet de comprendre les éléments importants et les acteurs de la protection des données au Luxembourg. D’autres informations et réunions sur notre site de l’APDL www.apdl.lu.
Avec l’arrivée du GDPR, cette vidéo de sensibilisation permet de comprendre les éléments importants et les acteurs de la protection des données au Luxembourg. D’autres informations et réunions sur notre site de l’APDL www.apdl.lu.
Le RGPD au service de la cybersécurité 03 JANVIER 2018 06:00
Le compte à rebours a commencé: le règlement général sur la protection des données (RGPD) entrera en application le 25 mai prochain. Cette initiative, unique au niveau mondial, vise à renforcer les droits des Européens sur internet. Mais la mise en conformité représente un défi de taille pour les entreprises. À travers ce dossier, découvrez les changements à prévoir, ainsi que des avis d’experts sur ce règlement.
On 30 November 2017, the Luxembourg Institute of Science and Technology (LIST) participated in the ninth Luxembourg Finance Innovation Summit and was honoured to receive, together with eProseedRTC, the “RegTech Innovation of the Year” Award.
This follows LIST’s activities in collaboration with the National Commission for Data Protection (CNPD), Digital Luxembourg and eProceedRTC for designing and providing a tool enabling organisations to evaluate the extent of their compliance with the new General Data Protection Regulations (GDPR) through a comprehensive database of 350 regulatory requirements.
The six awards presented during the Luxembourg Finance Innovation Summit 2017 rewarded the best ideas and innovative projects in the Luxembourg financial sector. Eight nominees were up for the "RegTech Innovation of the Year" award. The award recognizes companies helping their customers deal with complex financial regulatory environments by offering solutions meeting compliance and reporting requirements by focusing on innovative technology.
The GDPR Compliance Support Tool featured on the list of nominees announced by the organizers. The tool was designed and prototyped by a team of experts from LIST’s department specialized in IT and regulation technologies (ITIS) before being transferred, mid-year, for industrialization to the company eProseedRTC, software publisher FinTech / RegTech and IT service provider.
Laurent Pulinckx, COO of eProseedRTC, in the presence of Olivier Willemarck and Michael Renotte (eproseed) and Michel Picard (LIST), were awarded. The award recognizes the innovative aspect of the GDPR Compliance Support Tool as a tool simplifying regulatory compliance with GDPR, which will come into force in the spring of 2018.
On 30 November 2017, the Luxembourg Institute of Science and Technology (LIST) participated in the ninth Luxembourg Finance Innovation Summit and was honoured to receive, together with eProseedRTC, the “RegTech Innovation of the Year” Award.
This follows LIST’s activities in collaboration with the National Commission for Data Protection (CNPD), Digital Luxembourg and eProceedRTC for designing and providing a tool enabling organisations to evaluate the extent of their compliance with the new General Data Protection Regulations (GDPR) through a comprehensive database of 350 regulatory requirements.
The six awards presented during the Luxembourg Finance Innovation Summit 2017 rewarded the best ideas and innovative projects in the Luxembourg financial sector. Eight nominees were up for the "RegTech Innovation of the Year" award. The award recognizes companies helping their customers deal with complex financial regulatory environments by offering solutions meeting compliance and reporting requirements by focusing on innovative technology.
The GDPR Compliance Support Tool featured on the list of nominees announced by the organizers. The tool was designed and prototyped by a team of experts from LIST’s department specialized in IT and regulation technologies (ITIS) before being transferred, mid-year, for industrialization to the company eProseedRTC, software publisher FinTech / RegTech and IT service provider.
Laurent Pulinckx, COO of eProseedRTC, in the presence of Olivier Willemarck and Michael Renotte (eproseed) and Michel Picard (LIST), were awarded. The award recognizes the innovative aspect of the GDPR Compliance Support Tool as a tool simplifying regulatory compliance with GDPR, which will come into force in the spring of 2018.
At the first RegTech Summit held on 12 October 2017, the Luxembourg Institute of Science and Technology (LIST), Digital Luxembourg and eProseedRTC supported the National Commission for Data Protection (CNPD) in launching a tool to enable organisations to evaluate the extent of their compliance with the new General Data Protection Regulations (GDPR).
PREPARING FOR 25 MAY 2018
Companies, public administrations and associations who handle personal data are required to comply with the new European regulations by 25 May 2018.
As a regulatory body, CNPD, together with LIST, have formed a partnership for the purposes of a research project, which is also supported by Digital Luxembourg, in an effort to assist private and public stakeholders in integrating the provisions of the new regulations.
This tool – the "GDPR Compliance Support Tool" - also contributes to Luxembourg's objective of digitising and simplifying procedures, particularly in terms of ensuring compliance with the current and future regulatory framework.
ASCERTAIN YOUR ORGANISATION'S LEVEL OF COMPLIANCE
The "GDPR Compliance Support Tool" is an innovative, intuitive solution enabling users to ascertain the level of maturity of their organisations. It contains a comprehensive, in-depth database covering 350 regulatory requirement criteria.
The tool will allow stakeholders not only to manage a data processing register in addition to the other documents required to demonstrate their compliance, but also to monitor the progress of their level of organisational maturity. The tool will be offered to companies free of charge and its content will be updated on an ongoing basis.
At the first RegTech Summit held on 12 October 2017, the Luxembourg Institute of Science and Technology (LIST), Digital Luxembourg and eProseedRTC supported the National Commission for Data Protection (CNPD) in launching a tool to enable organisations to evaluate the extent of their compliance with the new General Data Protection Regulations (GDPR).
PREPARING FOR 25 MAY 2018
Companies, public administrations and associations who handle personal data are required to comply with the new European regulations by 25 May 2018.
As a regulatory body, CNPD, together with LIST, have formed a partnership for the purposes of a research project, which is also supported by Digital Luxembourg, in an effort to assist private and public stakeholders in integrating the provisions of the new regulations.
This tool – the "GDPR Compliance Support Tool" - also contributes to Luxembourg's objective of digitising and simplifying procedures, particularly in terms of ensuring compliance with the current and future regulatory framework.
ASCERTAIN YOUR ORGANISATION'S LEVEL OF COMPLIANCE
The "GDPR Compliance Support Tool" is an innovative, intuitive solution enabling users to ascertain the level of maturity of their organisations. It contains a comprehensive, in-depth database covering 350 regulatory requirement criteria.
The tool will allow stakeholders not only to manage a data processing register in addition to the other documents required to demonstrate their compliance, but also to monitor the progress of their level of organisational maturity. The tool will be offered to companies free of charge and its content will be updated on an ongoing basis.
Hotshot is a data privacy and security platform which enables businesses to protect data based upon specific geographical and time-based restriction policies. The startup combines the simplicity of a high-speed communications platform (like Slack) with identity and access management features for cloud platforms (like Okta).
It is the first GDPR-compliant messaging, collaboration and identity platform to be released for use in the EU and North America. Aaron Turner, CEO and Cofounder of Hotshot believes that the EU’s leadership in this area will help the company build a platform which will serve the needs of the EU market as well as deliver technologies that will address the needs of new data privacy regulations in the US as well. Interview with the American serial entrepreneur.
Hotshot is a data privacy and security platform which enables businesses to protect data based upon specific geographical and time-based restriction policies. The startup combines the simplicity of a high-speed communications platform (like Slack) with identity and access management features for cloud platforms (like Okta).
It is the first GDPR-compliant messaging, collaboration and identity platform to be released for use in the EU and North America. Aaron Turner, CEO and Cofounder of Hotshot believes that the EU’s leadership in this area will help the company build a platform which will serve the needs of the EU market as well as deliver technologies that will address the needs of new data privacy regulations in the US as well. Interview with the American serial entrepreneur.
Luxtrust annonce un chiffre d’affaires en hausse de 10% et de nouveaux développements à l’international, notamment avec l’Union européenne.
Le prestataire de services informatiques Luxtrust annonce un exercice 2017 en progression. Le chiffre d’affaires a augmenté de 10% à 10,7 millions d’euros, avec une marge opérationnelle supérieure à 10,5%.
Luxtrust, dont l’objectif est de garantir l’identité digitale et la sécurité des données électroniques des entreprises et des citoyens, s’est donné pour ambition de percer à l’international. Après avoir consenti d’importants investissements au cours des deux dernières années, il annonce avoir gagné de nouveaux clients au Luxembourg et à l’étranger.
Développements En octobre 2017, la société basée à Capellen a délivré la première signature électronique légale d’un acte réglementaire de l’Union européenne. Quelques semaines plus tard, elle a aussi été sélectionnée par la DG Santé de la Commission européenne à la suite d’un appel d’offres international pour la fourniture de solutions de signatures électroniques et de gestion des identités électroniques pour le programme «Traces» (gestion des importations d’animaux, de plantes et de denrées alimentaires).
Luxtrust précise d’ailleurs que d’autres contrats internationaux ont été gagnés en 2017 et seront dévoilés dans les prochains mois. La société présentera aussi, prochainement, une nouvelle application mobile. Ensuite, ce sera une plateforme de signature et de nouveaux services de confiance par rapport à la nouvelle directive sur la protection des données (RGPD).
Luxtrust annonce un chiffre d’affaires en hausse de 10% et de nouveaux développements à l’international, notamment avec l’Union européenne.
Le prestataire de services informatiques Luxtrust annonce un exercice 2017 en progression. Le chiffre d’affaires a augmenté de 10% à 10,7 millions d’euros, avec une marge opérationnelle supérieure à 10,5%.
Luxtrust, dont l’objectif est de garantir l’identité digitale et la sécurité des données électroniques des entreprises et des citoyens, s’est donné pour ambition de percer à l’international. Après avoir consenti d’importants investissements au cours des deux dernières années, il annonce avoir gagné de nouveaux clients au Luxembourg et à l’étranger.
Développements En octobre 2017, la société basée à Capellen a délivré la première signature électronique légale d’un acte réglementaire de l’Union européenne. Quelques semaines plus tard, elle a aussi été sélectionnée par la DG Santé de la Commission européenne à la suite d’un appel d’offres international pour la fourniture de solutions de signatures électroniques et de gestion des identités électroniques pour le programme «Traces» (gestion des importations d’animaux, de plantes et de denrées alimentaires).
Luxtrust précise d’ailleurs que d’autres contrats internationaux ont été gagnés en 2017 et seront dévoilés dans les prochains mois. La société présentera aussi, prochainement, une nouvelle application mobile. Ensuite, ce sera une plateforme de signature et de nouveaux services de confiance par rapport à la nouvelle directive sur la protection des données (RGPD).
In Rahmen unserer aktuellen Kampagne mit dem Titel "BIG DATA: wer macht was mit meinen Daten?" und der Einführung der neuen EU-Regelung zur Verarbeitung personenbezogener Daten (DSGVO) am 25. Mai, stellt BEE SECURE Ihnen ein Online-Spiel zu diesem Thema vor.
In die Rolle eines Praktikanten schlüpfen um die Herausforderungen von BIG DATA zu verstehen.
Datak ist ein Serious Game, das im Dezember 2016 vom Schweizer Fernsehen lanciert wurde. Es handelt sich dabei um ein Online-Spiel für Jugendliche ab 15 Jahren, bei dem der Spieler in die Rolle eines Praktikanten schlüpft, der von der Stadtverwaltung eingestellt wird, um sich um die sozialen Netzwerke der fiktiven Stadt "Dataville" zu kümmern.
Der Spieler muss mehrere Entscheidungen bezüglich der Erhebung von Daten treffen - seiner eigenen und jenen der Einwohner. Antwortet er richtig, gewinnt er Geld und Zeit für seinen Arbeitstag, zwei wichtige Elemente um das Spiel zu gewinnen.
In Rahmen unserer aktuellen Kampagne mit dem Titel "BIG DATA: wer macht was mit meinen Daten?" und der Einführung der neuen EU-Regelung zur Verarbeitung personenbezogener Daten (DSGVO) am 25. Mai, stellt BEE SECURE Ihnen ein Online-Spiel zu diesem Thema vor.
In die Rolle eines Praktikanten schlüpfen um die Herausforderungen von BIG DATA zu verstehen.
Datak ist ein Serious Game, das im Dezember 2016 vom Schweizer Fernsehen lanciert wurde. Es handelt sich dabei um ein Online-Spiel für Jugendliche ab 15 Jahren, bei dem der Spieler in die Rolle eines Praktikanten schlüpft, der von der Stadtverwaltung eingestellt wird, um sich um die sozialen Netzwerke der fiktiven Stadt "Dataville" zu kümmern.
Der Spieler muss mehrere Entscheidungen bezüglich der Erhebung von Daten treffen - seiner eigenen und jenen der Einwohner. Antwortet er richtig, gewinnt er Geld und Zeit für seinen Arbeitstag, zwei wichtige Elemente um das Spiel zu gewinnen.
Luxembourg’s data protection agency, the CNPD, has released a data breach notification form ahead of strict new European rules coming into effect later this year.
Among its provisions, the EU’s General Data Protection Regulation requires “data controllers” (organisations that keep personal information) to inform their national regulator of a data breach within 72 hours of discovering it, “if the breach is likely to result in a risk to the rights and freedoms of individuals.”
The GDPR applies starting 25 May.
On its website, the CNPD said organisations were not required to use the form, but it listed the required information.
The CNPD also stated that organisations needed to document all breaches of personal data, even if it is not reported to the privacy watchdog. Organisations are required to record the facts surrounding the breach, its impact and the steps taken to remedy the situation. The CNPD can ask to check this documentation.
The reporting form was published on 12 February, and is available in English and French. It should be submitted via email to databreach@cnpd.lu.
Luxembourg’s data protection agency, the CNPD, has released a data breach notification form ahead of strict new European rules coming into effect later this year.
Among its provisions, the EU’s General Data Protection Regulation requires “data controllers” (organisations that keep personal information) to inform their national regulator of a data breach within 72 hours of discovering it, “if the breach is likely to result in a risk to the rights and freedoms of individuals.”
The GDPR applies starting 25 May.
On its website, the CNPD said organisations were not required to use the form, but it listed the required information.
The CNPD also stated that organisations needed to document all breaches of personal data, even if it is not reported to the privacy watchdog. Organisations are required to record the facts surrounding the breach, its impact and the steps taken to remedy the situation. The CNPD can ask to check this documentation.
The reporting form was published on 12 February, and is available in English and French. It should be submitted via email to databreach@cnpd.lu.
EASING THE WAY TOWARD GRPD PUBLISHED ON 14/12/2017
A few days after receiving the “RegTech Innovation of the Year” Award together with eProseed, the Luxembourg Institute of Science and Technology (LIST) is pleased to announce that on 5 December 2017, its industrial partner eProseed was granted the "IT Development Company of the Year" award by the members of the Luxembourg ICT community at the annual IT One Gala Dinner.
eProseed and LIST achieved a successful collaborative work with the development of the tool enabling organisations to evaluate the extent of their compliance with the new GDPR through a comprehensive database of 350 regulatory requirements.
As mentioned during the award ceremony, the decisive point that justified the jury's choice was the GDPR Compliance Support Tool, a software tool enabling organisations to self-assess their level of compliance with the EU GDPR, which comes into force in May 2018. The GDPR Compliance Support Tool was developed in tight collaboration with Luxembourg's data protection authority (CNPD), LIST and Digital Luxembourg, the government initiative that supports public and private actions in the digital area.
A tool of this kind is a premiere in the European Union.
EASING THE WAY TOWARD GRPD PUBLISHED ON 14/12/2017
A few days after receiving the “RegTech Innovation of the Year” Award together with eProseed, the Luxembourg Institute of Science and Technology (LIST) is pleased to announce that on 5 December 2017, its industrial partner eProseed was granted the "IT Development Company of the Year" award by the members of the Luxembourg ICT community at the annual IT One Gala Dinner.
eProseed and LIST achieved a successful collaborative work with the development of the tool enabling organisations to evaluate the extent of their compliance with the new GRPD through a comprehensive database of 350 regulatory requirements.
As mentioned during the award ceremony, the decisive point that justified the jury's choice was the GDPR Compliance Support Tool, a software tool enabling organisations to self-assess their level of compliance with the EU GRPD, which comes into force in May 2018. The GDPR Compliance Support Tool was developed in tight collaboration with Luxembourg's data protection authority (CNPD), LIST and Digital Luxembourg, the government initiative that supports public and private actions in the digital area.
A tool of this kind is a premiere in the European Union.
Data is the gold dust of the 21st century, and with the amount of that data set to double every two years (reaching 44 trillion gigabytes by 2020), it’s allowing organizations of all sizes to open up opportunities to truly understand their customers. For instance, analyzing data in near real-time and acting on insights to deliver superior experiences.
However, the data bonanza is not a free-for-all. The very acts which excite businesses – holding and using data – have the potential to expose them to significant legal and reputation damage. Just as there has been a groundswell of interest in harnessing the power of data, so consumers are becoming more aware of their right to privacy and what giving away their data can mean. Organizations that fail to properly secure customer information not only face regulatory and legal sanctions, but can expect significant damage to reputation and trust. Marissa Mayer lost her annual bonus over the mishandling of security breaches that exposed the personal information of more than 1 billion users.
Governments are reacting to the increased demand for data legislation as well. Regulations such as the EU’s General Data Protection Regulation (GDPR) which comes into force on 28 May 2018 guarantees the data privacy rights of any EU citizen, no matter where their data is being held or processed. It will have consequences for businesses globally, not just in the European Union.
Data is the gold dust of the 21st century, and with the amount of that data set to double every two years (reaching 44 trillion gigabytes by 2020), it’s allowing organizations of all sizes to open up opportunities to truly understand their customers. For instance, analyzing data in near real-time and acting on insights to deliver superior experiences.
However, the data bonanza is not a free-for-all. The very acts which excite businesses – holding and using data – have the potential to expose them to significant legal and reputation damage. Just as there has been a groundswell of interest in harnessing the power of data, so consumers are becoming more aware of their right to privacy and what giving away their data can mean. Organizations that fail to properly secure customer information not only face regulatory and legal sanctions, but can expect significant damage to reputation and trust. Marissa Mayer lost her annual bonus over the mishandling of security breaches that exposed the personal information of more than 1 billion users.
Governments are reacting to the increased demand for data legislation as well. Regulations such as the EU’s General Data Protection Regulation (GDPR) which comes into force on 28 May 2018 guarantees the data privacy rights of any EU citizen, no matter where their data is being held or processed. It will have consequences for businesses globally, not just in the European Union.
To get content containing either thought or leadership enter:
To get content containing both thought and leadership enter:
To get content containing the expression thought leadership enter:
You can enter several keywords and you can refine them whenever you want. Our suggestion engine uses more signals but entering a few keywords here will rapidly give you great content to curate.
The national commission for data protection has become the first data protection authority in Europe to accredit a GDPR certification body.
On 12 October, Luxembourg’s national commission for data protection accredited the entity EY PFS Solutions via its certification mechanism, GDPR-CARPA (General Data Protection Regulation-Certified Assurance Report-Based Processing Activities). The mechanism is the first to be adopted on a national and international level under the GDPR. Accreditation criteria are based on audits and quality control.
Thanks to the accreditation, EY PFS Solutions can now issue GDPR certifications for five years.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/luxembourg-europe/?tag=Digital+L%C3%ABtzebuerg
https://www.scoop.it/topic/luxembourg-europe/?&tag=GDPR