General Data Protection Regulation (“GDPR”)
What is it?
Since the 25th of May 2018, the General Data Protection Regulation (“GDPR”) has governed the processing and transfer of personal data of natural persons.
Does it apply to me?
It applies to undertakings (including natural and legal entities e.g. companies) which:
- process personal data as part of the activities of one of their branches established in the European Economic Area (“EEA”), irrespective of where the processing takes place; or
- offer goods/services to, or monitor the behavior of, individuals in the EEA despite being outside the EEA (Art. 3 GDPR).
Why is it important?
- The burden of proof has shifted from the supervisory authority to the undertakings, which are now obliged not only to comply but to demonstrate compliance with the GDPR.
- Penalties of up to €20 million or 4% of the business’s total annual worldwide turnover can be imposed. So far in Cyprus, the imposed fines range from €400 to €1000.
- As of September 2018, regular inspections are carried out by the Commissioner to ensure compliance.
What should you do?
- complete the processing record recommended by the Data Commissioner in Cyprus (Art. 30);
- have your consent forms ready to be used (Art. 7 GDPR);
- make sure that, proportionally to your size and types of personal data processed, you have implemented appropriate technical and organisational measures to protect the personal data (Art. 32 GDPR);
- amend or add to the contracts with your employees, suppliers, service providers and associates to meet the GDPR confidentiality and data security requirements (Art. 28 GDPR).
Our firm can provide full legal support and can assist you in ensuring compliance with the GDPR. Feel free to reach us at: tel: 25814054 or email: [email protected]