Today: 20 May 2019
russian English greek latvian French German Chinese (Simplified) Arabic hebrew

All that you will be interested in knowing about Cyprus on our website
the most informative resource about Cyprus in runet
Cyprus moves to new rules for processing personal data

Cyprus moves to new rules for processing personal data

24 May 2018 LJ cover – Кипр переходит на новые правила обработки персональных данных
Tags: Cyprus, Information, Society, Laws, EU

In May 2018 Europe, including Cyprus, will switch to the updated rules for the processing of personal data, established by the General Data Protection Regulations (EU Regulation 2016 / 679 от 27 апреля 2016 г. или GDPR — General Data Protection Regulation). Данный регламент, имеющий прямое действие во всех 28 странах ЕС, заменит рамочную Directive on the protection of 95 / 46 / EU personal data from 24 October 1995. An important nuance of the GDPR is the extraterritorial principle of the operation of the new European rules for the processing of personal data, so Russian companies should be attentive to them if the services are focused on the European or international market.

Since May of the year 2018, the responsibility for violating the rules for the processing of personal data has been toughened: according to the GDPR, fines reach 20 million euros (about 1,5 billion rubles) or 4% of the company's annual global revenue. In this article, we analyzed new rules for the processing of personal data in the EU and formulated recommendations for Russian companies on how to respond to the GDPR.

Who is within the scope of the GDPR?

The GDPR has an extraterritorial effect and is applied to all companies that process personal data of residents and EU citizens, regardless of the location of such a company.
Of course, branches and representative offices of Russian organizations on the territory of the EU will have to meet new requirements.

Should such an organization comply with the GDPR? - Yes!

After all, services and goods are obviously offered to Europeans, because:

  • services / goods are adapted to the local languages ​​of EU residents
  • services / goods are paid in local EU currencies
  • services / goods are provided on national top-level domains of EU countries

This means that organizations, processing personal data Europeans in Russia in the implementation of online sales (for example, Russian Railways, airlines, hotels, hostels and others) are subject to the GDPR and are required to comply with the new European rules for processing personal data.

It is important to note that in addition to the processing of personal data in the GDPR, the concept of monitoring the behavior of data subjects is used, which drives another category of subjects under the GDPR. The GDPR applies to organizations established outside the EU if they (as a controller or processor) control the behavior of EU residents (to the extent that such behavior takes place in the EU).

What is meant by personal data in the GDPR?

Personal data is any information relating to an individual, on which, directly or indirectly, it can be determined. Such information includes, but is not limited to, the name, location data, online identifier or one or more factors specific to the physical, physiological, genetic, intellectual, economic, cultural or social identity of that individual. Any photos with a face. The definition is broad and fairly clear that even IP addresses can also be personal data. There are also certain types of personal data belonging to the category of personal data: racial or ethnic origin, political views, religious or philosophical beliefs and membership in trade unions, genetic, biometric data, health data, information relating to sexuality or sexual orientation.

6 data processing principles for GDPR:

  • Legality, justice and transparency. Personal data must be processed legally, fairly and transparently. Any information on the purposes, methods and volumes of personal data processing should be stated as accessible and simple as possible.
  • Limitation of purpose. Data must be collected and used for the purposes stated by the company.
  • Minimization of data. You can not collect personal data in a larger volume than is necessary.
  • Accuracy. Personal data that is inaccurate must be deleted or corrected.
  • Restriction of storage. Personal data must be stored in a form that allows identification of data subjects for a period of no more than necessary for processing purposes.
  • Integrity and confidentiality. When processing user data, companies must ensure the protection of personal data from unauthorized or illegal processing, destruction and damage.

Key requirements:

  • Notification of violations of the GDPR
  • The rights of the data subject (individual)
  • The right to data portability
  • Consent to processing
  • Special protection of personal data of children
  • Appointment of the person responsible for protecting personal data

What to do?

If you enter the coverage area of ​​the new European data protection regulations or plan to provide services and goods to the EU and Cyprus, it is recommended that a comprehensive evaluation of the methods and means of personal data processing applied in the company be carried out and brought into line with the new GDPR rules. It is also necessary to revise the privacy policy and regulations on the processing of personal data of the Terms of Use of its websites and online services aimed at European consumers and users. To comply with the requirements of the GDPR, it is necessary to develop internal data protection policies, train personnel, conduct data processing checks, maintain documentation on processing processes, implement measures on the built-in confidentiality system, and appoint a person responsible for processing personal data (naturally, taking into account the nature and volumes of processed personal data).


GDPR — важнейший законодательный документ, который повышает уровень защиты персональных данных в ЕС и за его пределами. Он требует внимательного изучения и соблюдения. Реформа дает ясность и последовательность правил, которые должны применяться в области защиты данных. Она также восстанавливает доверие пользователя-потребителя, что позволяет бизнесу максимально использовать возможности на едином европейском цифровом рынке. Сбор, анализ и перемещение персональных данных по всему миру приобрели огромное экономическое значение. Персональные данные – это, безусловно, “валюта” современной экономики. И если вы осуществляете сбор пользовательских данных в каком-либо виде — за их сохранностью надо внимательно следить, чтобы избежать leakage and possible manipulation by third parties.

От этого закона могут пострадать фотографы, так как станет невозможным выкладывать в сеть фотографии, сделанные в публичных местах, на которых присутствуют люди, необходимо будет согласие каждого на фотографии. С другой стороны, такая фотография может быть быстро удалена, по требованию любого физического лица, находящегося на фото. – Source

Catty Cage
Cyprus Butterfly
G|translate Your license is inactive or expired, please subscribe again!