GDPR & data
GDPR and data protection lawyer in Luxembourg
The firm guides your GDPR compliance: records of processing activities, privacy policies, data processing agreements (DPAs) and dealings with the CNPD.
The GDPR applies to any organisation processing personal data. In Luxembourg, the supervisory authority is the CNPD.
The firm turns a complex regulatory obligation into a clear approach, proportionate to your activity.
The need
Websites, customer files, HR and marketing tools: most businesses process personal data without any formal framework.
Information notices, the record of processing and contracts with service providers are often missing.
The risk
The GDPR provides for fines that can reach very high amounts, together with a reputational risk in the event of a data breach.
The absence of a legal basis or of valid information makes a processing activity unlawful.
How the firm helps
Mapping of your processing activities, drafting of the record of processing, privacy policies and data processing clauses, and support in the event of an inspection.
The firm prioritises actions according to your real level of risk. Our digital tools only help gather and qualify information; the legal analysis is provided by a lawyer admitted to the Luxembourg Bar.
Practice areas
When to call on the firm
- Bringing your website and files into GDPR compliance.
- Drafting a privacy policy and information notices.
- Framing the relationship with a processor (DPA).
- Handling a data subject request or a CNPD inspection.
Method
Our engagement process
- 1
Information intake
You describe your need via a structured form or an initial call. Our digital tools serve only to organise this information and save time.
- 2
Lawyer qualification
Maître Maglo reviews your situation, identifies the legal issues and confirms the feasibility and exact scope of the engagement.
- 3
Transparent quote
You receive a clear fee proposal, a fixed fee or a range, before any engagement. Nothing is billed without your approval.
- 4
Legal work
The firm drafts, negotiates or litigates as required. Every deliverable is designed and approved by a lawyer admitted to the Luxembourg Bar.
- 5
Tracking and delivery
You follow your matter transparently and receive your finalised documents with the explanations you need.
Documents required
- • A description of your processing activities and tools
- • Existing policies and notices
- • Contracts with your service providers
Deliverables
- • A record of processing activities
- • A privacy policy and information notices
- • Data processing clauses (DPA)
Indicative timing
Basic compliance can be achieved within a few weeks, depending on the scope.
Fixed fee or ongoing support
Depending on the scope (audit, documentation, ongoing support), costed in advance, from EUR 1,500.
FAQ
Frequently asked questions
Does the GDPR apply to my small business?
Yes, the GDPR applies to your small business as soon as you process personal data (customers, employees, prospects), whatever your size.
Do I need to appoint a DPO?
Appointing a data protection officer is only mandatory in certain cases. The firm tells you whether a DPO is required for your organisation.
Who enforces the GDPR in Luxembourg?
The GDPR is enforced in Luxembourg by the Commission nationale pour la protection des donnees (CNPD), the competent supervisory authority.
Let’s talk about your matter
Describe your situation: you receive an initial analysis and a transparent quote, with no obligation. One dedicated lawyer, from start to finish.