New rules governing GDPR treatment of data of US companies
13 July 2023
On 10 July 2023 the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework.
Read MoreCompensation rights for non-material loss as a result of GDPR violations
27 June 2023
A fundamental question in data protection laws has always been whether (and under what conditions) a person can claim damages for violations of data protection laws, in the event that such person cannot pinpoint to any specific and actual loss that has occurred as a result of the violation. The Court of Justice of the European Union (the CJEU) has now given an answer to this question in the recent ruling in case 300/21 - UI v Österreichische Post (the Österreichische Post Case), which is the first case dealing with an individual’s right to compensation for non-material loss for breaches of GDPR and discusses whether a GDPR infringement automatically grants a right to compensation and the relevant considerations that are in play.
Read MoreProposed changes in the GDPR data breach reporting regime for non–EU businesses
28 December 2022
The European Data Protection Board changes the framework by which data breach notifications should take place under GDPR for non – EU businesses.
Read MoreMigration to the new Standard Contractual Clauses
30 November 2022
Businesses have until 27 December 2022 to migrate all contracts that use the old standard contractual clauses to the new model contract clauses (i.e. standard contractual clauses) for international data transfers from EU to third countries.
Read MoreLoss or misplacing documents containing personal data
08 September 2022
The importance for enterprises to know and take action when they identify any event of loss or misplacement of documents containing personal data cannot be overstated.
Read MoreThe European Commission has published Q&A on Standard Contractual Clauses
06 June 2022
The European Commission has published Questions and Answers (Q&A) on standard contractual clauses for data transfers under the Regulation 2016/679, (General Data Protection Regulation- GDPR).
Read MoreDecision of the Hellenic Data Protection Authority imposing a total of €9.250.000 in fines for personal data breach and illegal processing of such data
02 June 2022
The Hellenic Data Protection Authority (the Authority) supervises the application of the General Data Protection Regulation (GDPR) as well as other relevant laws and regulations concerning the protection of individuals from the processing of personal data in Greece.
Read MoreThe 4-year anniversary of the GDPR Regulation (EU) 2016/679
02 June 2022
The 4-year anniversary of the GDPR Regulation (EU) 2016/679, a short overview from the Office of the Cyprus Commissioner for Personal Data Protection.
Read MoreDORA - Digital Operational Resilience Act
18 February 2022
EU introduces a comprehensive regulatory framework on digital operational resilience in the financial sector.
Read MoreComplaint for lack of organizational security measures
26 January 2022
Complaint for lack of organizational security measures by former employee results in violation of the GDPR Regulation.
Read MoreDevelopments on penalties imposed for GDPR violations in 2021
20 January 2022
This article briefly sets out general overview of the fines imposed for GDPR violations in 2021 and how they increased compared to 2020.
Read MoreCCTV Surveillance within Private Properties
21 December 2021
This article briefly sets out the guidelines of the Commissioner for Personal Data Protection, Irini Loizidou, for the use CCTV surveillance in private properties.
Read MoreThe World of Cookies and Data Protection Rules
29 September 2021
As we live in the information era, it is becoming ever more difficult to protect our personal data as they are accessed by countless of websites.
Read MoreCost of Cyberattacks: Protecting Businesses in the Age of Digitalisation
28 September 2021
This article briefly examines what businesses can and should do to prevent cyberattacks and sufficiently limit their damages from cyberattacks and ensure GDPR compliance.
Read MoreIssues surrounding GDPR compliance of Blockchain Technologies
16 September 2021
Blockchain technology, has come to prominence since the creation of Bitcoin back in 2009. In sum, Blockchain is a decentralized, distributed ledger system that stores and records information in blocks.
Read MoreHarris Kyriakides announces three new partners, effective September 1, 2021
15 September 2021
The new partners are Andrea Newton, Eleni Neoptolemou and Ioanna Leonidou.
Read MoreVirtual Voice Assistants: Allowing for technological advancement while maintaining GDPR compliance
13 September 2021
The European Data Protection Board recently issued guidelines regarding requirements of Virtual Voice Assistants (VVA) to be GDPR compliant (the Guidelines).
Read MoreInternational agreements of EU Member States and the transfer of personal data - an obligation under review
09 June 2021
This article reviews the announcement of the European Data Protection Board on the transfer of personal data on the basis of legal obligations deriving from international agreements.
Read MoreImposition of an administrative fine on the Board of Registered Realtors
04 June 2021
This article briefly discusses the imposition of an administrative fine by the Cyprus Data Protection Commissioner on the Board of Registered Realtors for failure to meet data subject request.
Read MoreTargeting Social Media Users and GDPR
31 May 2021
With the increased use of social media and developing targeting techniques offered by social media providers, the European Data Protection Board (EDPB) has updated its guidelines on the targeting of social media users issued in 2020.
Read MoreIssuance of a 'Green Digital Certificate' and Use of Sensitive Personal Data
20 May 2021
The present article examines the suggested issuance of a "Digital Green Certificate" by the European Community and addresses certain data protection concerns regarding the issuance of such certificates.
Read MoreEU-US Privacy Shield invalidated by the Court of Justice of European Union
02 March 2021
On July 16, 2020, the Court of Justice of the European Union (the CJEU) in the case of Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (the Schrems Case) issued a landmark ruling invalidating EU-US Privacy Shield.
Read MoreDevelopments on penalties imposed on financial institutions for GDPR violations in Cyprus
09 February 2021
Due to significance of the violations under GPDR, the Commissioner considered that imposition of a fine to the financial institution is appropriate in the situation.
Read MoreTwo-tier System of Cooperation for Effective Enforcement of GDPR
02 February 2021
On November 26, 2020, Belgian Data Protection Authority (DPA) and DNS Belgium, the organization managing the “.be” domain, signed a cooperation agreement.
Read MoreThe Right of Access to Public Sector Information Law of 2017 (184(I)/2017)
25 January 2021
The Right of Access to Public Information Law of 2017 (184(I)/2017) (the Law) has entered into force on the 22nd of December 2020.
Read MoreQuestions about preventive measures for covid-19
24 November 2020
The Commissioner of Personal Data Protection has answered in a recent announcement frequently asked questions about preventive measures for covid-19.
Read More Fines under the GDPR: The Danish example
05 November 2020
General Data Protection Regulation (GDPR) governs the collection of data related to people in the EU and it imposes obligations on EU countries but is applicable to any and all organisations that target or collect data on EU persons.
Read MoreThe right to be forgotten is once more violated by Google
27 October 2020
The right to be forgotten provided under Article 17 of the General Data Protection Regulation (GDPR) was found by the Swedish Data Protection Authority (DPA) to be violated by the famous search result giant Google.
Read MoreInvestigations on private companies for data protection compliance purposes
24 July 2020
On 13 July 2020 the Commissioner for Personal Data Protection announced that she will soon commence investigations on private companies in order to evaluate whether the General Data Protection Regulation (EU) 2016/679 is properly applied.
Read MoreEuropean Commission publishes evaluation report on the General Data Protection Regulation
01 July 2020
The European Commission (Commission) published on 24 June 2020, just over two years of its entry into application, the first evaluation report on the General Data Protection Regulation (GDPR).
Read MoreBlockchain and GDPR: Compliance or Tension?
07 May 2020
Fundamental aspects of the blockchain technology seem to be incompatible with the data protection regulation. Before its widespread adoption and implementation these aspects shall be considered.
Read MoreFirst Standard Contractual Clauses for Contracts between Controllers and Processors
20 March 2020
The European Data Protection Board (the EDPB) has been actively cooperating with the National Supervisory Authorities in an effort to implement a more harmonized approach regarding standard contractual clauses (SCCs) for contracts between controllers and processors used internationally.
Read MoreFirst Standard Contractual Clauses for Contracts between Controllers and Processors
20 March 2020
The European Data Protection Board (the EDPB) has been actively cooperating with the National Supervisory Authorities in an effort to implement a more harmonized approach regarding standard contractual clauses (SCCs) for contracts between controllers and processors used internationally.
Read MoreFirst Standard Contractual Clauses for Contracts between Controllers and Processors
20 March 2020
The European Data Protection Board (the EDPB) has been actively cooperating with the National Supervisory Authorities in an effort to implement a more harmonized approach regarding standard contractual clauses (SCCs) for contracts between controllers and processors used internationally.
Read MoreThe GDPR: new opportunities, new obligations
10 January 2020
What every business needs to know about the EU's General Data Protection regulation.
Read MoreThe Outcome of the Assessment in GDPR Compliance in the Public Sector
16 December 2019
On October 11th, 2019, the Commissioner for personal data protection announced the results of an assessment conducted on the level of compliance with the provisions of the Regulation (EU) 2016/679 and the Law 125(I)/2018 in the Public Sector.
Read MoreGDPR violation concerning consent declarations
16 September 2019
On 30th July 2019 the Greek Data Protection Authority has published an important decision on consent declarations concerning the processing of employees’ data. Our GDPR discusses the guidance issued by the Greek Data Protection Authority and its possible ramifications for Cyprus businesses.
Read MoreAdministrative Arrangements under GDPR
12 September 2019
On 12 February 2019, the European Data Protection Board (EDPB) adopted its first opinion (the Opinion) on an administrative arrangement, which provides a new mechanism for the transfer of personal data between European Union (EU) financial supervisory authorities and securities agencies and their non-EU counterparts.
Read MoreInterplay Between the ePrivacy Directive and the GDPR
01 July 2019
The European Data Protection Board published an opinion on the interplay between the EU Directive on Privacy and Electronic Communications and the General Data Protection Regulation to generally clarify whether the processing of personal data triggers the material scope of both the GDPR and the ePrivacy Directive.
Read MoreGuidance on Protection of Non-personal Data
25 June 2019
The European Commission has published a guidance to help to clarify the interaction between two sets of rules for free flow of personal and non-personal data as well as mixed data sets.
Read MoreReport of the Personal Data Protection Commissioner for the Insurance Sector
24 June 2019
Following an audit carried out in the insurance sector, the Commissioner for Personal Data Protection (the Commissioner) published her findings about the improvements to be made and accomplished before the end of June.
Read MoreElectronic direct marketing and the issues arising from GDPR and the e-Privacy Directive
13 May 2019
Companies are increasingly using marketing to promote their products and services not only to their existing customers but also to potential ones. This is the purpose of the electronic marketing, to target individuals using digital methods, such as text messages or emails.
Read MoreKey Steps to protect your business from a personal data breach
11 January 2019
Read MoreAnnouncement by the Commissioner for Personal Data Protection
28 December 2018
Read MoreCCTV monitoring and the GDPR: Opinion 2/2018 of the Personal Data Protection Commissioner
22 November 2018
Read MoreData Subjects' Consent: Announcement published by the Commissioner for Personal Data Protection
05 November 2018
Read MoreERA Summer Course on the European Data Protection Law
08 October 2018
Read MoreLaw 125(I)/2018, officially published in the Cyprus Government Gazette
21 August 2018
Read MoreCyprus to regulate online gambling
31 October 2016
Read More
