In 2018, the Luxembourg DPA (the CNPD) initiated 25 audit proceedings related to the role of the Data Protection Officer (DPO) under the GDPR. One of the audits involved a public entity in Luxembourg, which was found to be in breach of four distinct obligations related to the role of the DPO under the GDPR. The head of investigation found that the entity had failed to publish the contact details of its DPO on its website in a way that made them easily accessible for data subjects, which violated Article 37(7) GDPR. The contact details were difficult to find and only available in English, rather than any of the official languages of Luxembourg. Although the controller addressed this issue during the investigation by publishing the contact details of the DPO in another language on its website, the CNPD still considered it to be a breach of Article 37(7) GDPR.