GDPR-CARPA

Scheme owner

LU

Competent SA

LU

Certification as tool for transfers

No

Scope

Any type of processing except:

  • personal data processing operations specifically targeting minors under 16 years old, 
  • processing operations in the context of a joint controllership, 
  • processing operations in the context of article 10 GDPR, except those that are clearly defined and regulated by Luxembourgish or European Laws and for which the CNPD is the competent supervisory authority (e.g. Loi du 1er août 2018 relative à la protection des personnes physiques à l’égard du traitement des données à caractère personnel en matière pénale ainsi qu’en matière de sécurité nationale),
  • processing operations of entities that have not officially designated a DPO* (article 37 GDPR).
     

Type of criteria

National certification criteria

Applicability of the scheme

controllers and processors established in Luxembourg

List of documents assessed by the EDPB

  • LU SA – GDPR-CARPA Certification criteria-1.docx 

Opinion 1/2022 on the draft decision of the Luxembourg Supervisory Authority regarding the GDPR – CARPA certification criteria

8 February 2022
Publication Type:
Topics:
Members:
Download