Introduction of the the EU AI Act
25 July 2024
The EU's new AI Act establishes a set of comprehensive rules for the regulation of AI, aiming to safeguard fundamental rights and ensure ethical AI use within Europe and beyond.
Read More22 April 2024
In light of increased complaints regarding unsolicited SMS and email advertising messages, the Cyprus Commissioner for Personal Data Protection (the Commissioner) affirms the legal requirements for businesses engaging in direct marketing communication.
Read More28 January 2024
Each year, on the same significant date, we observe Data Protection Day, commemorating the anniversary of the opening for signature of Convention 108, a pivotal global agreement on data protection.
Read MoreNew rules governing GDPR treatment of data of US companies
13 July 2023
On 10 July 2023 the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework.
Read MoreCompensation rights for non-material loss as a result of GDPR violations
27 June 2023
A fundamental question in data protection laws has always been whether (and under what conditions) a person can claim damages for violations of data protection laws, in the event that such person cannot pinpoint to any specific and actual loss that has occurred as a result of the violation. The Court of Justice of the European Union (the CJEU) has now given an answer to this question in the recent ruling in case 300/21 - UI v Österreichische Post (the Österreichische Post Case), which is the first case dealing with an individual’s right to compensation for non-material loss for breaches of GDPR and discusses whether a GDPR infringement automatically grants a right to compensation and the relevant considerations that are in play.
Read MoreProposed changes in the GDPR data breach reporting regime for non–EU businesses
28 December 2022
The European Data Protection Board changes the framework by which data breach notifications should take place under GDPR for non – EU businesses.
Read MoreMigration to the new Standard Contractual Clauses
30 November 2022
Businesses have until 27 December 2022 to migrate all contracts that use the old standard contractual clauses to the new model contract clauses (i.e. standard contractual clauses) for international data transfers from EU to third countries.
Read MoreLoss or misplacing documents containing personal data
08 September 2022
The importance for enterprises to know and take action when they identify any event of loss or misplacement of documents containing personal data cannot be overstated.
Read MoreThe European Commission has published Q&A on Standard Contractual Clauses
06 June 2022
The European Commission has published Questions and Answers (Q&A) on standard contractual clauses for data transfers under the Regulation 2016/679, (General Data Protection Regulation- GDPR).
Read More02 June 2022
The Hellenic Data Protection Authority (the Authority) supervises the application of the General Data Protection Regulation (GDPR) as well as other relevant laws and regulations concerning the protection of individuals from the processing of personal data in Greece.
Read MoreThe 4-year anniversary of the GDPR Regulation (EU) 2016/679
02 June 2022
The 4-year anniversary of the GDPR Regulation (EU) 2016/679, a short overview from the Office of the Cyprus Commissioner for Personal Data Protection.
Read MoreDORA - Digital Operational Resilience Act
18 February 2022
EU introduces a comprehensive regulatory framework on digital operational resilience in the financial sector.
Read MoreComplaint for lack of organizational security measures
26 January 2022
Complaint for lack of organizational security measures by former employee results in violation of the GDPR Regulation.
Read MoreDevelopments on penalties imposed for GDPR violations in 2021
20 January 2022
This article briefly sets out general overview of the fines imposed for GDPR violations in 2021 and how they increased compared to 2020.
Read MoreCCTV Surveillance within Private Properties
21 December 2021
This article briefly sets out the guidelines of the Commissioner for Personal Data Protection, Irini Loizidou, for the use CCTV surveillance in private properties.
Read MoreThe World of Cookies and Data Protection Rules
29 September 2021
As we live in the information era, it is becoming ever more difficult to protect our personal data as they are accessed by countless of websites.
Read MoreCost of Cyberattacks: Protecting Businesses in the Age of Digitalisation
28 September 2021
This article briefly examines what businesses can and should do to prevent cyberattacks and sufficiently limit their damages from cyberattacks and ensure GDPR compliance.
Read MoreIssues surrounding GDPR compliance of Blockchain Technologies
16 September 2021
Blockchain technology, has come to prominence since the creation of Bitcoin back in 2009. In sum, Blockchain is a decentralized, distributed ledger system that stores and records information in blocks.
Read MoreHarris Kyriakides announces three new partners, effective September 1, 2021
15 September 2021
The new partners are Andrea Newton, Eleni Neoptolemou and Ioanna Leonidou.
Read MoreVirtual Voice Assistants: Allowing for technological advancement while maintaining GDPR compliance
13 September 2021
The European Data Protection Board recently issued guidelines regarding requirements of Virtual Voice Assistants (VVA) to be GDPR compliant (the Guidelines).
09 June 2021
This article reviews the announcement of the European Data Protection Board on the transfer of personal data on the basis of legal obligations deriving from international agreements.
Read More
Imposition of an administrative fine on the Board of Registered Realtors
04 June 2021
This article briefly discusses the imposition of an administrative fine by the Cyprus Data Protection Commissioner on the Board of Registered Realtors for failure to meet data subject request.
Read MoreTargeting Social Media Users and GDPR
31 May 2021
With the increased use of social media and developing targeting techniques offered by social media providers, the European Data Protection Board (EDPB) has updated its guidelines on the targeting of social media users issued in 2020.
Read MoreIssuance of a 'Green Digital Certificate' and Use of Sensitive Personal Data
20 May 2021
The present article examines the suggested issuance of a "Digital Green Certificate" by the European Community and addresses certain data protection concerns regarding the issuance of such certificates.
Read More
EU-US Privacy Shield invalidated by the Court of Justice of European Union
02 March 2021
On July 16, 2020, the Court of Justice of the European Union (the CJEU) in the case of Data Protection Commissioner v Facebook Ireland Ltd and Maximillian Schrems (the Schrems Case) issued a landmark ruling invalidating EU-US Privacy Shield.
Read MoreDevelopments on penalties imposed on financial institutions for GDPR violations in Cyprus
09 February 2021
Due to significance of the violations under GPDR, the Commissioner considered that imposition of a fine to the financial institution is appropriate in the situation.
Read MoreTwo-tier System of Cooperation for Effective Enforcement of GDPR
02 February 2021
On November 26, 2020, Belgian Data Protection Authority (DPA) and DNS Belgium, the organization managing the “.be” domain, signed a cooperation agreement.
Read MoreThe Right of Access to Public Sector Information Law of 2017 (184(I)/2017)
25 January 2021
The Right of Access to Public Information Law of 2017 (184(I)/2017) (the Law) has entered into force on the 22nd of December 2020.
Read MoreQuestions about preventive measures for covid-19
24 November 2020
The Commissioner of Personal Data Protection has answered in a recent announcement frequently asked questions about preventive measures for covid-19.
Read MoreFines under the GDPR: The Danish example
05 November 2020
General Data Protection Regulation (GDPR) governs the collection of data related to people in the EU and it imposes obligations on EU countries but is applicable to any and all organisations that target or collect data on EU persons.
Read MoreThe right to be forgotten is once more violated by Google
27 October 2020
The right to be forgotten provided under Article 17 of the General Data Protection Regulation (GDPR) was found by the Swedish Data Protection Authority (DPA) to be violated by the famous search result giant Google.
Read MoreInvestigations on private companies for data protection compliance purposes
24 July 2020
On 13 July 2020 the Commissioner for Personal Data Protection announced that she will soon commence investigations on private companies in order to evaluate whether the General Data Protection Regulation (EU) 2016/679 is properly applied.
Read MoreEuropean Commission publishes evaluation report on the General Data Protection Regulation
01 July 2020
The European Commission (Commission) published on 24 June 2020, just over two years of its entry into application, the first evaluation report on the General Data Protection Regulation (GDPR).
Read MoreBlockchain and GDPR: Compliance or Tension?
07 May 2020
Fundamental aspects of the blockchain technology seem to be incompatible with the data protection regulation. Before its widespread adoption and implementation these aspects shall be considered.
Read MoreFirst Standard Contractual Clauses for Contracts between Controllers and Processors
20 March 2020
The European Data Protection Board (the EDPB) has been actively cooperating with the National Supervisory Authorities in an effort to implement a more harmonized approach regarding standard contractual clauses (SCCs) for contracts between controllers and processors used internationally.
Read MoreFirst Standard Contractual Clauses for Contracts between Controllers and Processors
20 March 2020
The European Data Protection Board (the EDPB) has been actively cooperating with the National Supervisory Authorities in an effort to implement a more harmonized approach regarding standard contractual clauses (SCCs) for contracts between controllers and processors used internationally.
Read MoreFirst Standard Contractual Clauses for Contracts between Controllers and Processors
20 March 2020
The European Data Protection Board (the EDPB) has been actively cooperating with the National Supervisory Authorities in an effort to implement a more harmonized approach regarding standard contractual clauses (SCCs) for contracts between controllers and processors used internationally.
Read MoreThe GDPR: new opportunities, new obligations
10 January 2020
What every business needs to know about the EU's General Data Protection regulation.
Read MoreThe Outcome of the Assessment in GDPR Compliance in the Public Sector
16 December 2019
On October 11th, 2019, the Commissioner for personal data protection announced the results of an assessment conducted on the level of compliance with the provisions of the Regulation (EU) 2016/679 and the Law 125(I)/2018 in the Public Sector.
Read MoreGDPR violation concerning consent declarations
16 September 2019
On 30th July 2019 the Greek Data Protection Authority has published an important decision on consent declarations concerning the processing of employees’ data. Our GDPR discusses the guidance issued by the Greek Data Protection Authority and its possible ramifications for Cyprus businesses.
Read MoreAdministrative Arrangements under GDPR
12 September 2019
On 12 February 2019, the European Data Protection Board (EDPB) adopted its first opinion (the Opinion) on an administrative arrangement, which provides a new mechanism for the transfer of personal data between European Union (EU) financial supervisory authorities and securities agencies and their non-EU counterparts.
Read MoreInterplay Between the ePrivacy Directive and the GDPR
01 July 2019
The European Data Protection Board published an opinion on the interplay between the EU Directive on Privacy and Electronic Communications and the General Data Protection Regulation to generally clarify whether the processing of personal data triggers the material scope of both the GDPR and the ePrivacy Directive.
Read MoreGuidance on Protection of Non-personal Data
25 June 2019
The European Commission has published a guidance to help to clarify the interaction between two sets of rules for free flow of personal and non-personal data as well as mixed data sets.
Read MoreReport of the Personal Data Protection Commissioner for the Insurance Sector
24 June 2019
Following an audit carried out in the insurance sector, the Commissioner for Personal Data Protection (the Commissioner) published her findings about the improvements to be made and accomplished before the end of June.
Read MoreElectronic direct marketing and the issues arising from GDPR and the e-Privacy Directive
13 May 2019
Companies are increasingly using marketing to promote their products and services not only to their existing customers but also to potential ones. This is the purpose of the electronic marketing, to target individuals using digital methods, such as text messages or emails.
Read MoreKey Steps to protect your business from a personal data breach
11 January 2019
Read MoreAnnouncement by the Commissioner for Personal Data Protection
28 December 2018
Read MoreCCTV monitoring and the GDPR: Opinion 2/2018 of the Personal Data Protection Commissioner
22 November 2018
Read MoreData Subjects' Consent: Announcement published by the Commissioner for Personal Data Protection
05 November 2018
Read MoreERA Summer Course on the European Data Protection Law
08 October 2018
Read MoreLaw 125(I)/2018, officially published in the Cyprus Government Gazette
21 August 2018
Read MoreCyprus to regulate online gambling
31 October 2016
Read MoreData Processing in the Re-opening of Businesses
25 May 2020
On May 11, 2020, the UK Information Commissioner’s Office (ICO) published guidance on how employers should handle data in the event they choose to test their employees for COVID-19 on return to work.
Read More28 March 2020
Governments, public and private organisations throughout Europe are taking measures to try to contain and mitigate COVID-19 and its consequences including processing sensitive personal data. However, they should still keep GDPR and its obligations in mind in the time of COVID-19.
Read MoreComparative Legal Guide – Data Protection 2023
27 July 2023
We are delighted to share the latest International Comparative Legal Guide – Data Protection 2023, published by Global Legal Group.
Read MoreAnnual Report on the decisions issued by the Cyprus Commissioner of Personal Data Protection
28 January 2023
Celebrated yearly at the same date, Data Protection Day marks the anniversary of the opening for signature of Convention 108, the global data protection Convention.
Read MoreCasual electronic communications at the workplace concerning business issues
25 February 2020
Our Data Protection and Cyber Law team discusses a number of legal risks arising from communications at the workplace which do not adhere to proper data and communication policies.
Read MoreProcessing Activities subject to a Data Protection Impact Assessment
24 February 2020
Our GDPR team discusses the opinion issued by the European Data Protection Board on the list of processing activities that are subject to a requirement of data protection impact assessment.
Read MoreTransfer of Personal Data in the UK after Brexit
18 February 2019
As already known, on the 30th March 2019, the United Kingdom (UK) is leaving the European Union (EU)
Read MorePost GDPR: Cyprus Supreme Court directions on the Online Publication of Court decisions
10 December 2018
Right after the new General Data Protection Regulation (“GDPR”) came into force, many debates were initiated regarding its limits
Read MoreNew European legal framework on Processing of Personal Data
09 May 2016
Read MoreChapter on Cyprus Telecommunications Laws
20 January 2016
Read MoreBetter protection for trade secrets in the EU
13 December 2013
Read MoreWe advise on matters related to Data Privacy, GDPR (General Data Protection Regulation 2016/679) and Cyprus Cyber Law compliance, software and hardware licensing, development, procurement, governance, e-commerce, information technology projects, data privacy and dispute resolution. We also provide cyber risk advisory and clarity on how manage cyber risk and regulations, so that organizations adapt to the new challenges and risks that they may face. We produce client briefings covering the Cyprus jurisdiction and assist on multinational projects. We have serviced many GDPR compliance projects for businesses of every sector of the economy. GDPR compliance is great importance nowadays and help organizations build trust with clients, so the compliance must be first priority to every company.
We draft organisations policies and guidelines (e.g data protection and security policies, privacy notices, data breach notification procedures), advising on implementing the appropriate organizational and technical measures to demonstrate compliance. We also provide GDPR training sessions customize to the needs of your company, so employees can handle the personal data in the right manner and requirements of the GDPR.
In addition, we represent clients in matters related to violations or investigations pending before the Commissioner for Personal Data Protection and we pursue related complaints on behalf of aggrieved clients. In that respect, we also advise on the protection of both personal and sensitive business data against its unauthorised and illegal collection, use, storage, disclosure, transfer and destruction and further use. We counsel clients on complex issues associated with legal compliance and business strategy relating to privacy and security risk management, developing internal policies and procedures, and cyber security and technology transactions.
Our clients include large corporate, government and specialist internet or data-rich companies operating across a broad range of sectors both in Cyprus and abroad.
Follow us
1 Kinyra Street, 5th floor
1102 Nicosia
115 Faneromenis Avenue,
Antouanettas Building
6031 Larnaca
12 Platonos Street,
3027 Limassol
4 Nicou Nicolaidi & Kinyra,
2nd floor, 8011 Paphos
164A Georgiou Gourounia,
1st floor, 5289 Paralimni