GDPR & Data Protection

Our Firm advises large organisations and SMEs across diverse industries in all matters related to compliance with EU General Data Protection Regulation (GDPR) as well as the relevant national legislation. We provide data protection solutions that are tailor made to the unique needs of our clients in order to ensure compliance while helping them transition to the framework of GDPR.

The GDPR has come into effect in May 2018, and it is considered the biggest change in data protection laws of the 21^st century. Its strict measures, priority to the data protection rights of individuals and heavy fines for violations of it, require all organisations collecting, storing and disclosing personal data to take appropriate measures to comply with GDPR, including but not limited to, to update their internal procedures and privacy policies, to ensure the security of information they receive and have secure data systems in place.

The phenomenon of cyber-attacks and security breaches put all organisations that are connected to the internet at a constant risk and the necessity to protect the personal data of their customers and business associates is ever increasing.

Our Firm advises on the appropriate safeguards, methods and procedures that should be adopted and implemented by our clients to ensure compliance with GDPR, as well as to minimize their exposure to potential risks involved with their business activities with regards the processing of personal data, including special categories of personal data. We have in-depth experience in high traffic sites, webcam sites, online businesses, ad platforms, CRM platforms, information systems, e-commerce and e-commerce platforms, information security services and corporate law, and we can help our clients navigate the complex landscape of data protection law in Cyprus as well as at a European Union and international level.

Our GDPR & Data Protection Legal Services

Our services include the following:

• Privacy Management
• Assessment and evaluation of organisation’s existing forms and procedures for the collection and processing of personal data of employees, customers, and associates
• Assessment and evaluation of organisation’s existing data protection measures and procedures
• Development, design and implementation of compliant controls, procedures and structures for the protection of personal data
• Cooperation with management and employees for the implementation and monitoring of new policies, procedures and measures for data protection
• Data Protection Officer as a service to monitor and maintain compliance with GDPR
• Advising on how to handle data subjects’ requests and complaints and liaising with such individuals whose personal data is being processed by the client or they have made complaint to the client
• Investigating and managing data security breaches, and notification of such data security breach to Data Protection Commissioner and data subject
• Data Mapping
• Monitoring regulatory developments
• Liaising with Data Protection Commissioner and other relevant Regulatory bodies on behalf of the client
• Representation of client before the Data Protection Commissioner and the courts in relation to data protection matter
• Provision of legal opinions in relation to data protection matters, from a GDPR and national law perspective
• Drafting, Reviewing and Advising:
  • Privacy Policy and Cookies Policy
  • Data Processing Agreements or Data Processing Addendums to existing agreements with third country data processors or recipients of data
  • Binding Corporate Rules and Model Clauses as per needs and requirements of client
  • Record of Processing Activities
  • Data Retention Policy
  • Data Protection Impact Assessment
  • Forms of email templates to be send to data subjects who wish to exercise their data protection rights
  • Forms of marketing and administrative emails of organisations to ensure compliance with GDPR and ePrivacy Directive (Directive 2002/58/EC)
  • Consent forms