Luxembourg’s National Commission for Data Protection published guidelines for payment service providers on the retention periods of personal data. The agency noted the guidance is not exhaustive, but it acknowledges the unique circumstances around providers’ collection practices and how innovation has “increased the ability of payment service providers to collect, store, combine, and analyze a wide range of data about their users.”
Full story