Unknown – €15,400 Fine (Luxembourg, 2021)

€15,400Commission Nationale pour la Protection des Données27 October 2021Luxembourg
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A company in Luxembourg was fined EUR 15,400 for not properly involving its data protection officer in privacy matters. The officer was not reporting directly to top management, which is required by GDPR. This case shows that companies must ensure their privacy officers are fully integrated into their data protection processes.

What happened

The company failed to involve its data protection officer in all relevant privacy matters and did not have them report directly to top management.

Who was affected

The company's data protection officer and potentially the individuals whose data was not properly managed.

What the authority found

The Luxembourg authority decided that the company did not adequately involve its data protection officer in privacy matters, violating GDPR requirements.

Why this matters

This case highlights the critical role of data protection officers and the need for them to be directly involved in privacy decisions. Companies should ensure their officers have the authority and access needed to fulfill their duties.

GDPR Articles Cited

Art. 38(1) GDPR
Art. 39(1)(a) GDPR
Luxembourg enforcementCommission Nationale pour la Protection des Données actionsAll Unknown actions
Full Legal Summary
Detailed

The Luxembourg DPA has imposed a fine of EUR 15,400 on a company. According to the DPA, the controller failed to involve the data protection officer in all matters related to the protection of personal data. In addition, contrary to the requirements of the GDPR, the data protection officer did not report directly to the highest management level; instead, there were two levels of hierarchy in between. Also, the controller did not have a data protection control plan in place to demonstrate that the data protection officer was performing their duties appropriately.

Related Enforcement Actions (8)

Other enforcement actions involving Unknown in LU

Fine
Apr 2021· Commission Nationale pour la Protection des Données

The DPA from Luxembourg (CNPD) has imposed a fine of EUR 2,800 on a company. The controller had installed location sensors on a number of cars in its ...

€3K
Fine
May 2021· Commission Nationale pour la Protection des Données

The DPA from Luxembourg (CNPD) has imposed a fine of EUR 1,000 on a company. The controller had installed a video surveillance system with the purpose...

€1K
Fine
Jun 2021· Commission Nationale pour la Protection des Données

The DPA from Luxembourg (CNPD) has imposed a fine of EUR 7,200 on a company. The company had installed a video surveillance system to protect the comp...

€7K
Fine
Jun 2021· Commission Nationale pour la Protection des Données

The DPA from Luxembourg (CNPD) has imposed a fine of EUR 12,500 on a company. The company had installed a video surveillance system for the purpose of...

€13K
Fine
Oct 2021· Commission Nationale pour la Protection des Données

The DPA from Luxembourg has imposed a fine of EUR 5,300 on a company. The company had installed 75 surveillance cameras on its premises as well as tra...

€5K
Fine
Oct 2021· Commission Nationale pour la Protection des Données

The DPA from Luxembourg has imposed a fine of EUR 13,200 on a company. According to the DPA, the controller failed to involve the data protection offi...

€18K
Fine
Oct 2021· Commission Nationale pour la Protection des Données

The DPA from Luxembourg has imposed a fine of EUR 13,200 on a company. According to the DPA, the controller firstly failed to involve the data protect...

€13K
Current
Oct 2021

Fine

€15K

Fine
Dec 2021· Commission Nationale pour la Protection des Données

The DPA from Luxembourg (CNPD) has imposed a fine of EUR 6,800 on a company. The company had installed a video surveillance system to protect the comp...

€7K

Details

Fine Date

27 October 2021

Authority

Commission Nationale pour la Protection des Données

Fine Amount

€15,400

Enforcement Tracker ID

ETid-920

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Unknown - Luxembourg (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: