GDPR-CARPA
- Scheme owner
- LU SA
- Scope
Any type of processing except:
personal data processing operations specifically targeting minors under 16 years old,
processing operations in the context of a joint controllership,
processing operations in the context of article 10 GDPR, except those that are clearly defined and regulated by Luxembourgish or European Laws and for which the CNPD is the competent supervisory authority (e.g. Loi du 1er août 2018 relative à la protection des personnes physiques à l’égard du traitement des données à caractère personnel en matière pénale ainsi qu’en matière de sécurité nationale),
processing operations of entities that have not officially designated a DPO* (article 37 GDPR). - Type of criteria
- National certification criteria
- Certification as tool for transfers
- No
- List of documents assessed by the EDPB
- LU SA – GDPR-CARPA Certification criteria-1.docx
EDPBI:EE:OSS:D:2023:1023
EDPBI:EE:OSS:D:2023:1023
- CSA
-
-
lv
-
- Main legal reference
- Article 5 (Principles relating to processing of personal data)
- Article 32 (Security of processing)
- Relevant topics
- Outcome
- Reprimand
EDPBI:EE:OSS:D:2023:1015
EDPBI:EE:OSS:D:2023:1015
- CSA
-
- Main legal reference
- Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject)
- Article 17 (Right to erasure (‘right to be forgotten’))
- Relevant topics
- Outcome
- No sanction
EDPBI:CY:OSS:D:2023:978
EDPBI:CY:OSS:D:2023:978
- CSA
-
-
mt
-
- Main legal reference
- Article 15 (Right of access by the data subject)
- Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject)
- Relevant topics
- Outcome
- Reprimand
EDPBI:CY:OSS:D:2023:970
EDPBI:CY:OSS:D:2023:970
- CSA
-
- Main legal reference
- Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject)
- Article 17 (Right to erasure (‘right to be forgotten’))
- Relevant topics
- Outcome
- No sanction
EDPBI:EE:OSS:D:2023:971
EDPBI:EE:OSS:D:2023:971
- CSA
-
- Main legal reference
- Article 6 (Lawfulness of processing)
- Article 12 (Transparent information, communication and modalities for the exercise of the rights of the data subject)
- Article 13 (Information to be provided where personal data are collected from the data subject)
- Article 14 (Information to be provided where personal data have not been obtained from the data subject)
- Article 15 (Right of access by the data subject)
- Article 18 (Right to restriction of processing)
- Relevant topics
- Outcome
- No violation
EDPBI:EE:OSS:D:2023:1029
EDPBI:EE:OSS:D:2023:1029
- CSA
-
- Main legal reference
- Article 17 (Right to erasure (‘right to be forgotten’))
- Relevant topics
- Outcome
- Reprimand
One-Stop-Shop case digest on Security of Processing and Data Breach Notification
Go to
One-Stop-Shop case digest on Security of Processing and Data Breach Notification
Coordinated Enforcement Action, Designation and Position of Data Protection Officers
Go to
Coordinated Enforcement Action, Designation and Position of Data Protection Officers
OSF Global Services
- Type of BCR
- Processor
- Categories of data subjects
- Employees and business contacts whose data are processed on-behalf of a controller