PrivacyChecker

GDPR Compliance in Luxembourg

Lëtzebuerg · Law of 1 August 2018

TL;DR

Websites targeting users in Luxembourg must comply with GDPR as implemented locally through the Law of 1 August 2018. The supervisory authority is the Commission Nationale pour la Protection des Données (CNPD). Notable enforcement: Amazon fined for ad targeting (€746 million). Use our free scanner below to check your website instantly.

Data Protection Authority

Authority: Commission Nationale pour la Protection des Données (CNPD)

Local Law: Law of 1 August 2018

Language: French, German, Luxembourgish

Largest Fine: €746 million

Population: 660,000

Key Requirements for Luxembourg

Home to Amazon EU — site of the largest GDPR fine ever (€746M)

Cookie consent must be prior and informed

DPO required for public bodies and large processors

Data breach notification within 72 hours

Special financial sector data protection rules

Multilingual privacy notices recommended

What Makes Luxembourg Different?

Luxembourg's CNPD issued the record €746 million fine against Amazon for targeted advertising without proper consent — the largest GDPR fine to date. Many major tech companies have EU headquarters in Luxembourg.

Luxembourg Website Compliance Checklist

Cookie consent banner that requires opt-in before non-essential cookies

Privacy policy available in French, German, Luxembourgish

Clear identification of data controller and contact details

Data Processing Agreement (DPA) with all third-party processors

Lawful basis documented for each processing activity

Data Subject Access Request (DSAR) process in place

Data breach notification procedure compliant with 72-hour rule

Data Protection Impact Assessment for high-risk processing

International data transfer mechanisms documented (SCCs, adequacy decisions)

Records of processing activities (ROPA) maintained

Frequently Asked Questions

What are the GDPR requirements for websites in Luxembourg?

In Luxembourg, websites must comply with GDPR as implemented by the Law of 1 August 2018. Key requirements include obtaining explicit consent before setting non-essential cookies, providing a clear privacy policy, appointing a DPO when required, and notifying data breaches within 72 hours to the Commission Nationale pour la Protection des Données (CNPD).

Who enforces GDPR in Luxembourg?

The Commission Nationale pour la Protection des Données (CNPD) is the supervisory authority responsible for enforcing data protection laws in Luxembourg. They can investigate complaints, conduct audits, and issue fines up to €20 million or 4% of annual global turnover.

How can I check if my website complies with Luxembourg data protection laws?

Use PrivacyChecker's free scanner to perform an instant audit of your website. Our tool checks 25+ compliance points including cookie consent, privacy policy presence, security headers, tracker detection, and more — all relevant to Luxembourg's GDPR requirements.
