The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It came into effect on May 25, 2018, and replaces the 1995 Data Protection Directive.
In Cyprus, GDPR is fully enforced by the Commissioner for Personal Data Protection and the Police. The Commissioner is responsible for enforcing the provisions of the GDPR, investigating and imposing administrative fines, and promoting public awareness of personal data protection rights. The Police also have powers to investigate breaches of GDPR and to take necessary actions.
Under the GDPR, organizations that process personal data must ensure that they comply with the principles of data protection, such as the lawful processing of personal data, data accuracy, and data security. Organizations must also obtain explicit consent from individuals for the collection, processing, and storage of their personal data.
Cypriot organizations must appoint a Data Protection Officer (DPO) if they are a public authority, if their core activities require large-scale monitoring of individuals, or if their core activities consist of processing special categories of personal data. The DPO is responsible for advising on and monitoring compliance with the GDPR.
Individuals in Cyprus have several rights under the GDPR, including the right to access their personal data, the right to have their personal data erased, and the right to data portability. They also have the right to object to processing, and the right to restrict processing.