Personal Data Protection

The Processing of Personal Data (Protection of the Individual) Law of 2001

The Business Issue

Data protection is emerging as much more than just a theoretical debate. The issue is now becoming a big challenge that every public or private organisation needs to address. Inevitably every organisation collects and processes personal data in order to perform its day-to-day operations. Such data may concern information regarding employees, customers, suppliers or other business partners.

The processing of personal data in Cyprus is governed by the Processing of Personal Data (Protection of the Individual) Law, which entered into force on 23rd November 2001 to address privacy issues arising out of the collection, storage, processing and use of personal data. The Law was amended in 2003 in order to harmonise Cyprus legislation with the Directive of the European Union (95/46) on the protection of individuals with regard to the processing of personal data.

The Law objective is to protect the fundamental rights of individuals (data subjects) whereas to set out specific obligations for those processing personal data (data controllers). Data controllers are the people or body ‘which determines the purposes and the means of processing’ both in the public and in the private sector.

Personal data protection deals with the protection of personal information relating to an individual against unauthorised and illegal collection, recording and further use. It also grants the individual certain rights. i.e. the right of information, the right of access and gives him the possibility to submit to the Office of the Commissioner complaints relating to the application of the Law.

The PricewaterhouseCoopers Solution

PricewaterhouseCoopers' Advisory practice has extensive local and international experience in providing privacy services to both private and public sector organisations spanning various industries. We are recognised internationally for our commitment to good privacy practice and have a specialised team of privacy advisors from multi-disciplinary backgrounds who can provide high quality service and privacy advice to organisations that operate locally, nationally and internationally.

The management of privacy risk can be addressed at a variety of different levels within an organisation. We can assist companies in areas such as:

  • Risk Assessment

    Reviewing existing systems to determine privacy risk throughout the organisation. This includes examining data flows and data collection procedures as well as technical controls and operational processes for implementing data protection compliance throughout the organization.

  • Privacy Policy

    Developing or reviewing on-line and off-line privacy policies to support compliance with all relevant legislation, regulations and customer expectations.

  • Compliance Programme

    Assisting organisations to develop an internal programme to manage ongoing compliance with their privacy and data protection policies.

  • Operational Procedures and Implementation

    Developing or reviewing operational procedures including governance to help you establish that privacy issues are addressed and implemented as a matter of course in day to day activities.

  • Online Privacy Solutions

    Addressing the specific privacy challenges associated with an organisation's Internet presence through assessment of risks, development and implementation of policies and standards and the use proprietary privacy enhancing technologies.

  • Privacy Audit

    Completing a tailored thorough privacy audit programme in order to identify personal data inventories and utilisation models and/or to provide an assessment of the adequacy of the organisation's privacy compliance programme.

  • Training and Awareness

    Providing tailored training to staff and data protection officers of organisations with regard to privacy sensitive activities and the implementation of industry codes of practice and legislation.

How can we help you

PricewaterhouseCoopers' Advisory practice has extensive local and international experience in providing privacy services to both private and public sector organisations spanning various industries. We are recognised internationally for our commitment to good privacy practice and have a specialised team of privacy advisors from multi-disciplinary backgrounds who can provide high quality service and privacy advice to organisations that operate locally, nationally and internationally.

The management of privacy risk can be addressed at a variety of different levels within an organisation. We can assist companies in areas such as:

  • Risk Assessment

    Reviewing existing systems to determine privacy risk throughout the organisation. This includes examining data flows and data collection procedures as well as technical controls and operational processes for implementing data protection compliance throughout the organization.

  • Privacy Policy

    Developing or reviewing on-line and off-line privacy policies to support compliance with all relevant legislation, regulations and customer expectations.

  • Compliance Programme

    Assisting organisations to develop an internal programme to manage ongoing compliance with their privacy and data protection policies.

  • Operational Procedures and Implementation

    Developing or reviewing operational procedures including governance to help you establish that privacy issues are addressed and implemented as a matter of course in day to day activities.

  • Online Privacy Solutions

    Addressing the specific privacy challenges associated with an organisation's Internet presence through assessment of risks, development and implementation of policies and standards and the use proprietary privacy enhancing technologies.

  • Privacy Audit

    Completing a tailored thorough privacy audit programme in order to identify personal data inventories and utilisation models and/or to provide an assessment of the adequacy of the organisation's privacy compliance programme.

  • Training and Awareness

    Providing tailored training to staff and data protection officers of organisations with regard to privacy sensitive activities and the implementation of industry codes of practice and legislation.

Our Experience

We have worked with leading global and local organisations to aid them with their privacy issues and facilitate compliance.