The Luxembourg Data Protection Supervisory Authority recently published information regarding when companies need to implement a DPIA. New requirements now define eight cases where a DPIA is mandatory prior to processing personal data. While some of those cases remain confined to specific sectorial situations (e.g. processing involving genetic or biometric data, systematic monitoring of an individual’s location), a high number of Luxembourg companies will likely be affected. Some of the situations involve when data processing operations involve operations with different purposes and when employee’s activities are monitored.
