Today: October 22 2018
russian English greek latvian French German Chinese (Simplified) Arabic hebrew

All that you will be interested in knowing about Cyprus on our website
the most informative resource about Cyprus in runet
Cyprus moves to new rules for processing personal data

Cyprus moves to new rules for processing personal data

24 May 2018
Tags: Cyprus, Information, Society, Laws, EU

In May 2018 Europe, including Cyprus, will switch to the updated rules for the processing of personal data, established by the General Data Protection Regulations (EU Regulation 2016 / 679from 27 April 2016 or GDPR - General Data Protection Regulation). This regulation, having direct effect in all 28 EU countries, will replace the frameworkDirectiveon the protection of 95 / 46 / EU personal data from 24 October 1995. An important nuance of the GDPR is the extraterritorial principle of the operation of the new European rules for the processing of personal data, so Russian companies should be attentive to them if the services are focused on the European or international market.

Since May of the year 2018, the responsibility for violating the rules for the processing of personal data has been toughened: according to the GDPR, fines reach 20 million euros (about 1,5 billion rubles) or 4% of the company's annual global revenue. In this article, we analyzed new rules for the processing of personal data in the EU and formulated recommendations for Russian companies on how to respond to the GDPR.

Who is within the scope of the GDPR?

The GDPR has an extraterritorial effect and is applied to all companies that process personal data of residents and EU citizens, regardless of the location of such a company.
Of course, branches and representative offices of Russian organizations on the territory of the EU will have to meet new requirements.

Should such an organization comply with the GDPR? - Yes!

After all, services and goods are obviously offered to Europeans, because:

  • services / goods are adapted to the local languages ​​of EU residents
  • services / goods are paid in local EU currencies
  • services / goods are provided on national top-level domains of EU countries

This means that organizations,processing personal dataEuropeans in Russia in the implementation of online sales (for example, Russian Railways, airlines, hotels, hostels and others) are subject to the GDPR and are required to comply with the new European rules for processing personal data.

It is important to note that in addition to the processing of personal data in the GDPR, the concept of monitoring the behavior of data subjects is used, which drives another category of subjects under the GDPR. The GDPR applies to organizations established outside the EU if they (as a controller or processor) control the behavior of EU residents (to the extent that such behavior takes place in the EU).

What is meant by personal data in the GDPR?

Personal data is any information relating to an individual, on which, directly or indirectly, it can be determined. Such information includes, but is not limited to, the name, location data, online identifier or one or more factors specific to the physical, physiological, genetic, intellectual, economic, cultural or social identity of that individual. Any photos with a face. The definition is broad and fairly clear that even IP addresses can also be personal data. There are also certain types of personal data belonging to the category of personal data: racial or ethnic origin, political views, religious or philosophical beliefs and membership in trade unions, genetic, biometric data, health data, information relating to sexuality or sexual orientation.

6 data processing principles for GDPR:

  • Legality, justice and transparency. Personal data must be processed legally, fairly and transparently. Any information on the purposes, methods and volumes of personal data processing should be stated as accessible and simple as possible.
  • Limitation of purpose. Data must be collected and used for the purposes stated by the company.
  • Minimization of data. You can not collect personal data in a larger volume than is necessary.
  • Accuracy. Personal data that is inaccurate must be deleted or corrected.
  • Restriction of storage. Personal data must be stored in a form that allows identification of data subjects for a period of no more than necessary for processing purposes.
  • Integrity and confidentiality. When processing user data, companies must ensure the protection of personal data from unauthorized or illegal processing, destruction and damage.

Key requirements:

  • Notification of violations of the GDPR
  • The rights of the data subject (individual)
  • The right to data portability
  • Consent to processing
  • Special protection of personal data of children
  • Appointment of the person responsible for protecting personal data

What to do?

If you enter the coverage area of ​​the new European data protection regulations or plan to provide services and goods to the EU and Cyprus, it is recommended that a comprehensive evaluation of the methods and means of personal data processing applied in the company be carried out and brought into line with the new GDPR rules. It is also necessary to revise the privacy policy and regulations on the processing of personal data of the Terms of Use of its websites and online services aimed at European consumers and users. To comply with the requirements of the GDPR, it is necessary to develop internal data protection policies, train personnel, conduct data processing checks, maintain documentation on processing processes, implement measures on the built-in confidentiality system, and appoint a person responsible for processing personal data (naturally, taking into account the nature and volumes of processed personal data).


The GDPR is the most important legislative document that enhances the level of protection of personal data in the EU and beyond. It requires careful study and compliance. The reform provides clarity and consistency of the rules that should be applied in the field of data protection. It also restores the confidence of the user-consumer, which allows businesses to make the most of the opportunities in the single European digital market. The collection, analysis and movement of personal data around the world have acquired enormous economic importance. Personal data is, of course, the "currency" of the modern economy. And if you collect user data in any form - you must carefully monitor their safety in order to avoidleakage and possible manipulationby third parties.

Photographers can suffer from this law, since it will be impossible to upload photos taken in public places where people are present, it will be necessary for everyone to agree on the photo. On the other hand, such a photo can be quickly removed, at the request of any individual who is in the photo. -Source

Catty Cage
Cyprus Butterfly
GTranslate Your license is inactive or expired, please subscribe again!