Read our insights

Grant Thornton Luxembourg February Data Protection Newsletter - On 23 February, 61 data protection authorities across the globe issued a Joint Statement on AI-Generated Imagery and the Protection of Privacy (the “Joint Statement”). Signatories include the European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS), as well as national authorities from France, Germany, Belgium, Spain, Italy, and Switzerland.

Grant Thornton Luxembourg welcomes you to the January Data Protection Newsletter! As we begin 2026, we continue to share clear and practical insights on the latest developments in data protection, AI, and tech regulation, helping you stay informed and compliant in this ever-changing digital landscape.

As the 7 June 2026 deadline for transposing the EU Pay Transparency Directive (EUPTD) into national law approaches, some organisations may consider deferring action until national implementing measures are finalised. The European Commission has, however, dispelled any speculation about possible delays: no extension will be granted, and Member States are expected to meet the deadline. For employers in Luxembourg, the implication is clear - early and proactive preparation is not merely advisable; it is imperative.

Grant Thornton Luxembourg welcomes you to the December Data Protection Newsletter! This month, we highlight key developments in data protection, AI, and tech regulation, including the EDPB’s new Recommendations on eCommerce accounts, the EU Fundamental Right Agency (FRA) report on high-risk AI systems, the adoption of an AI ethics resolution by international Francophone data protection authorities, and CNIL fines for unlawful cookie practices.

Grant Thornton Luxembourg welcomes you to the November Data Protection Newsletter! This month, we highlight key developments in data protection, AI, and tech regulation, including updates on the European Commission GDPR and AI Act amendment proposal, a potential new GDPR adequacy decision, and important news for LinkedIn users regarding AI training. Whether you are managing compliance or simply aiming to stay safer and better informed online, this newsletter is for you. As always, our Data Protection Team is here to help. If you would like tailored advice or to discuss a specific issue, please contact us using the details at the end of this page.

Grant Thornton Luxembourg welcomes you to the October Data Protection Newsletter! Following the launch of our first issue in September, we continue our mission to provide you with a clear and practical overview of the latest developments in data protection, AI, and tech regulation, helping you stay informed and compliant in this ever-changing digital landscape. Whether you are a business navigating your compliance obligations or simply a citizen wanting to make your online life safer and more informed, this newsletter is for you. For more tailored advice or support, do not hesitate to reach out to our Data Protection Team using the details provided at the bottom of this page. We’ll be delighted to arrange an introductory meeting tailored to your needs.

Grant Thornton Luxembourg welcomes you to the first edition of its Data Protection Newsletter! Each month, we will bring you a clear and accessible overview of key developments in data protection, AI, and tech regulation helping you stay ahead in an ever-evolving digital landscape. Whether you are a business navigating your compliance obligations or simply a citizen wanting to make your online life safer and more informed, this newsletter is for you. For more tailored advice or support, do not hesitate to reach out to our Data Protection Team.

In the rapidly evolving financial landscape, regulatory compliance is more than just a checkbox; it’s a fundamental pillar ensuring the stability and integrity of financial markets. Two key regulations governing outsourcing and third-party ICT services in financial entities are CSSF CIRCULAR 22/806 and DORA (Digital Operational Resilience Act). While they share a number of similarities, the unique features of DORA offer some important benefits.

Le Rapport d’Analyse de Risques et le Rapport Descriptif doivent être soumis à la CSSF dans les 7 mois après la date de clôture et décrivent la situation du PSF de support sur l’année fiscale qui vient de s’écouler, comme stipulé dans les Circulaires CSSF 12/544 et 19/727.

CSSF has released a new Circular on 14 October for IT/Cloud Outsourcing. This new Circular replaces the prior authorisation requirement with a prior notification requirement in the event of outsourcing material activity but not business process outsourcing.

Our experts help both Luxembourg residents and cross-border commuters to optimise their tax situation by making the right decisions and accompanying them through the administrative procedures.

CSSF has released a new Circular on 14 October for IT/Cloud Outsourcing. This new Circular replaces the prior authorisation requirement with a prior notification requirement in the event of outsourcing material activity but not business process outsourcing.

Published in December 2020, the released Circular CSSF 20/758 on Central Administration, Internal Governance and Risk Management repeals CSSF Circular 12/552 and has been specificaly issued to the attention of Investment Firms.

Our experts help both Luxembourg residents and cross-border commuters to optimise their tax situation by making the right decisions and accompanying them through the administrative procedures.

We are committed to helping our clients, colleagues and communities, as we all try to navigate the impacts of COVID-19. Any questions? Contact our Helpline for free advice from our experts: +352 20 80 01 51.

How are you providing crucial regulatory information timely and keeping financial soundness under control?