Luxembourg Data Privacy Laws
Luxembourg implemented the EU Data Protection Directive 95/46/EC on December 1, 2002 via the “Act Relating to the Protection of Individuals in Relation to the Processing of Personal Data” (Loi relative à la protection des personnes à l’égard du traitement des données à caractère personnel).
The EU Data Protection Directive is the Directive on the protection of individuals’ personal data and the movement of that data. It outlines personal data protection requirements in the EU.
The Article 29 Working Party was established under the EU Data Protection Directive and is made up of representatives from the data protection authorities of all the EU Member States and the European Commission. They work to synchronize the application of data protection rules throughout the EU and advise the EU Commission on the adequacy of data protection standards in non-EU countries.
After years of negotiations, in June of 2015 the Council of the European Union agreed to new EU Data Protection Regulations that will co-ordinate the law across the 28 member state block for the first time. There will now be a three way discussion between the European Commission, the European parliament and the Council of the European Union on each of their amendments to the European Commission’s proposal. These discussions not result in new laws until 2017 at the earliest. The result may be a single European data protection and privacy regulator.
Many technology firms are concerned about the regulations and how it may drive internet companies to other jurisdictions with less regulation. However, there are other countries with similarly strict regulations including Russia, Australia, Canada, and China. Many organizations operating in these countries quickly adopted new technology in order to comply with data residency or privacy laws.
Meeting Luxembourg Data Protection Requirements via a Cloud Data Protection Platform
One solution organizations are increasingly utilizing to address stricter residency/sovereignty requirements is a Cloud Data Protection Gateway. These Platforms allow companies and government entities to replace regulated or sensitive data with a token before it goes to the cloud. With tokenization, data leaving a country’s geographical boundary is replaced with a token so it is meaningless if accessed or viewed by unauthorized third parties. Enterprises are able to comply with strict residency and privacy laws because sensitive data never actually leaves the organization’s premise. With tokenization, organizations can be confident that their sensitive data is within their full control at all times.
Data Privacy, Laws & Regulations
The Blue Coat Cloud Data Protection Gateway lets Luxembourg enterprises define their data protection policies to ensure that sensitive data is appropriately secured and protected in cloud applications. Authorized data security administrators can select, on a field-by-field basis, whether to allow a data going to the cloud to remain in clear text, to be encrypted, or to be replaced with a token. The data in the cloud is either tokenized or encrypted so it is meaningless when viewed in the cloud, and organizations can be confident that their sensitive data is within their full control at all times.