top of page

Data Protection (GDPR) Attorney in Luxembourg

The General Data Protection Regulation (GDPR) entered into force on May 25, 2018 in all member states of the European Union. It is a unified and more protective legal regime for the protection of personal data of European citizens.

The GDPR is made up of 99 articles and almost all of the professionals, freelancers, small and large businesses, of which, of course, the GAFA (Google Amazon Facebook Apple), are concerned.

Personal data is mentioned in many documents, such as commercial contracts, invoices, purchase orders, employment contracts, etc.

European citizens have a right of access to their data (article 15 of the GDPR), a right to rectification of their data (article 16 of the GDPR), a right to erasure (right to be forgotten) of their data (Article 17 of the GDPR), a  right to limit the processing of their data (Article 18 of the GDPR), a right to the portability of their data (article 20 of the GDPR) and a right to object to the processing of their data (Articles 21 and 22 of the GDPR).

Companies have a number of obligations depending on the activity of the structure.

The CNPD in Luxembourg has the function of verifying the compliance of professionals with the GDPR, with the possibility of imposing very dissuasive fines.

Are you looking for a P
ersonal Data (GDPR) Lawyer
in Luxembourg ? Valette Bove Law Firm is the intellectual property law firm in Luxembourg  that suits you.

Avocat spécialisé en droit des données personnelles (RGPD) au Luxembourg

We offer a legal service of advisory, assistance and representation for all your projects and procedures, in the protection of personal data (RGPD), more specifically in the following areas:

Compliance with the General Data Protection Regulation (GDPR)


- Drafting of an action plan for compliance with the GDPR

- Compliance of all your employment contracts with the GDPR

- Compliance of all your commercial contracts with the GDPR

- Drafting of the processing register

- Drafting of a procedure for exercising the rights of data subjects

- Drafting of a Privacy policy by design and by default

- Drafting of a crisis management procedure 

- Drafting of an Impact Assessment Policy


GDPR representative within the European Union


- Representative of data controllers or processors who are not established in the European Union (Article 27 of the GDPR)

bottom of page