The Processing of Personal Data (Protection of the Individual) Law of 2001
The Business Issue
Data protection is emerging as much more than just a theoretical debate. The issue is now becoming a big challenge that every public or private organisation needs to address. Inevitably every organisation collects and processes personal data in order to perform its day-to-day operations. Such data may concern information regarding employees, customers, suppliers or other business partners.
The processing of personal data in Cyprus is governed by the Processing of Personal Data (Protection of the Individual) Law, which entered into force on 23rd November 2001 to address privacy issues arising out of the collection, storage, processing and use of personal data. The Law was amended in 2003 in order to harmonise Cyprus legislation with the Directive of the European Union (95/46) on the protection of individuals with regard to the processing of personal data.
The Law objective is to protect the fundamental rights of individuals (data subjects) whereas to set out specific obligations for those processing personal data (data controllers). Data controllers are the people or body ‘which determines the purposes and the means of processing’ both in the public and in the private sector.
Personal data protection deals with the protection of personal information relating to an individual against unauthorised and illegal collection, recording and further use. It also grants the individual certain rights. i.e. the right of information, the right of access and gives him the possibility to submit to the Office of the Commissioner complaints relating to the application of the Law.
Our Experience
We have worked with leading global and local organisations to aid them with their privacy issues and facilitate compliance.
