Privacy Law at Cyprus
Cyprus enforces robust data protection laws through Law 125(I)/2018, which aligns with the European Union's General Data Protection Regulation (GDPR). This legislation, effective since July 31, 2018, supersedes the previous Data Protection Law 138(I)/2001, ensuring comprehensive privacy rights and obligations for individuals and organizations.
🇨🇾 Key Provisions of Law 125(I)/2018
1. *Legal Basis for Data Processing
Personal data processing is lawful under the following condition:The data subject has provided explicit consen. Processing is necessary for contract performanc. Compliance with a legal obligatio] Protection of vital interest. Performance of a task carried out in the public interest or in the exercise of official authorit. Pursuit of legitimate interests, provided they do not override the rights of the data subjec.
2. *Children’s Data
Processing children's personal data is permitted whe The child is at least 14 years old and provides consen. For children under 14, consent must be obtained from the holder of parental responsibilit.
3. *Special Categories of Data
Processing of sensitive data, such as racial or ethnic origin, political opinions, religious beliefs, health data, and sexual orientation, is prohibited unles: Explicit consent is obtaine. Necessary for employment obligation. Vital interests protectio.Carried out by health professionals under confidentiality obligation. For scientific, historical research, or statistical purpose.
4. *Data Protection Officer (DPO)
Organizations must appoint a DPO i: They are a public authority or bod. Core activities involve large-scale processing of sensitive dat. Regular and systematic monitoring of data subjects occur.
5. *Data Breach Notification
In the event of a data breach, organizations must notify the Commissioner for Personal Data Protection within 72 hours and inform affected individuals if the breach poses high risks to their rights and freedom.
6. *Penalties for Non-Compliance
Violations of data protection laws can result i:
Administrative Fines: Up to €10 million or 2% of global annual turnover for breaches related to data managemen. Up to €20 million or 4% of global annual turnover for breaches concerning data security, individual rights, or international data transfer.
Criminal Penalties:Imprisonment for up to 5 years and/or fines ranging from €10,000 to €50,000 for specific offense.
🏛️ Supervisory Authorit
The Office of the Commissioner for Personal Data Protection oversees compliance with data protection laws in Cyprs The Commissioner has the authority to investigate complaints, issue fines, and provide guidance on data protection mattes.
âś… Summar
Cyprus has established a comprehensive data protection framework through Law 125(I)/2018, aligning with the GDPR to safeguard individuals' privacy righs Organizations operating in Cyprus must ensure compliance with these regulations to protect personal data and avoid potential penaltis.
RELATED Blog
0 comments