Protection of Personal Data

With an increasing volume of personal data flowing around the globe that may easily be collected, processed, stored, or used, and a lack of harmonisation across the EU Member States, personal data protection has over the years become a universal challenge for everyone.

Following many years of discussion, the new EU data protection framework was finally adopted in April of 2016 in the form of a Regulation – the General Data Protection Regulation (GDPR), repealing Directive 95/46/EC, which is currently in force (implemented in Cyprus by the Processing of Personal Data (Protection of Individuals) Law of 2001). The GDPR will take effect in all Member States of the EU on 25 May 2018, rendering it a milestone in EU data protection legislation.

The GDPR introduces key changes to the data protection regulatory framework by reinforcing existing rights and creating new ones. The reform will allow European citizens and businesses to fully benefit from the digital economy uniformly.

Tassos Papadopoulos & Associates LLC having multiple years of experience and expertise in dealing with data protection matters is at the forefront of assisting organisations and individuals to face the challenges and new opportunities the new legal framework presents, from comprehending the new data protection legislation and its requirements, to avoiding the severe penalties prescribed in the event of non-compliance.

Among other services, our law firm can provide the following to its clients:

1. Legal assessments of the level of data protection currently in force at our clients’ businesses and legal evaluation of the level of their compliance with the provisions of the GDPR.

2. Data processing officer (DPO) related services, subject to the approval of the Commissioner for Personal Data Protection.

3. Legal advice and assistance in providing solutions to our clients which aim at reinforcing the structures and controls of their business, so as to safeguard the personal data which they possess and/or process.

4. Assistance in designing clear policies and well-practised procedures in order for our clients to be able to react quickly to any data breach and make the relevant notification when necessary.

5. Legal advice and assistance in understanding and implementing the requirements of the GDPR e.g. matters relating to:

 

  • Safeguarding the principles relating to processing of personal data, e.g. the principle of lawfulness, fairness and transparency, the principle of purpose limitation, the principle of data minimisation, the principle of accuracy, the principle of storage limitation, the principle of integrity and confidentiality, the principle of accountability.
  • Safeguarding the rights of the data subject, e.g. the right to information, the right of access, the right to rectification, the right to erasure (΄΄right to be forgotten’’), the right to data portability, the right to object.
  • privacy measures and policies
  • conditions for consent
  • data protection by design and by default
  • privacy impact assessments

 

6. Regular updates on and legal analysis of:

 

  • Court Decisions on data protection law
  • Decisions, opinions and recommendations delivered by the Office of the Commissioner for Personal Data Protection
  • the Guidelines adopted by the Article 29 Data Protection Working Party
  • the Directives issued by the Commissioner for Personal Data Protection.

 

7. Liaising on behalf of the clients with the office of the Commissioner for Personal Data Protection with respect to issues such as the clarification of legal matters, the filing of notifications and other documentation, prior consultations, the submission of queries etc.

Protection of Personal Data

With an increasing volume of personal data flowing around the globe that may easily be collected, processed, stored, or used, and a lack of harmonisation across the EU Member States, personal data protection has over the years become a universal challenge for everyone.

Following many years of discussion, the new EU data protection framework was finally adopted in April of 2016 in the form of a Regulation – the General Data Protection Regulation (GDPR), repealing Directive 95/46/EC, which is currently in force (implemented in Cyprus by the Processing of Personal Data (Protection of Individuals) Law of 2001). The GDPR will take effect in all Member States of the EU on 25 May 2018, rendering it a milestone in EU data protection legislation.

The GDPR introduces key changes to the data protection regulatory framework by reinforcing existing rights and creating new ones. The reform will allow European citizens and businesses to fully benefit from the digital economy uniformly.

Tassos Papadopoulos & Associates LLC having multiple years of experience and expertise in dealing with data protection matters is at the forefront of assisting organisations and individuals to face the challenges and new opportunities the new legal framework presents, from comprehending the new data protection legislation and its requirements, to avoiding the severe penalties prescribed in the event of non-compliance.

Among other services, our law firm can provide the following to its clients:

1. Legal assessments of the level of data protection currently in force at our clients’ businesses and legal evaluation of the level of their compliance with the provisions of the GDPR.

2. Data processing officer (DPO) related services, subject to the approval of the Commissioner for Personal Data Protection.

3. Legal advice and assistance in providing solutions to our clients which aim at reinforcing the structures and controls of their business, so as to safeguard the personal data which they possess and/or process.

4. Assistance in designing clear policies and well-practised procedures in order for our clients to be able to react quickly to any data breach and make the relevant notification when necessary.

5. Legal advice and assistance in understanding and implementing the requirements of the GDPR e.g. matters relating to:

 

  • Safeguarding the principles relating to processing of personal data, e.g. the principle of lawfulness, fairness and transparency, the principle of purpose limitation, the principle of data minimisation, the principle of accuracy, the principle of storage limitation, the principle of integrity and confidentiality, the principle of accountability.
  • Safeguarding the rights of the data subject, e.g. the right to information, the right of access, the right to rectification, the right to erasure (΄΄right to be forgotten’’), the right to data portability, the right to object.
  • privacy measures and policies
  • conditions for consent
  • data protection by design and by default
  • privacy impact assessments

 

6. Regular updates on and legal analysis of:

 

  • Court Decisions on data protection law
  • Decisions, opinions and recommendations delivered by the Office of the Commissioner for Personal Data Protection
  • the Guidelines adopted by the Article 29 Data Protection Working Party
  • the Directives issued by the Commissioner for Personal Data Protection.

 

7. Liaising on behalf of the clients with the office of the Commissioner for Personal Data Protection with respect to issues such as the clarification of legal matters, the filing of notifications and other documentation, prior consultations, the submission of queries etc.