The new regulation for the protection of personal data will be enforced at the end of May 2018 in Cyprus and across Europe.  The new regulation affects every citizen, business, organisation and public authority that handles personal information. 

The new regulation sets out how personal data is to be recognised and protected.  It provides the basic definitions needed to recognise information that is classed as personal data, and specifies how such data may be used, stored, disregarded/deleted and transferred in a manner that protects it.

The difficulty with personal data, especially nowadays with the development of technology, is that the risk is not immediately or readily understood by a company, organisation, public authority or individual. That risk includes the level of exposure they are placed in by using this type of information and transferring it to any third parties.

In consideration of this legislation, every company, organisation, public authority and/or individual is obliged to observe the new regulation or be confronted with significantly increased fines for non-compliance (up to €2 million or 4% of the turnover of a company).

According to EU law, personal data can only be legally collected under stringent conditions and for a legitimate purpose. The rights of the data owners are guaranteed by EU law and any personal information must be protected from misuse.

Consequently, common EU rules have been established to ensure that your personal data benefits from a high standard of protection anywhere in the European Union including an entitlement to complain and obtain redress if data is mishandled within the European Union.

The new regulation is a significant move in strengthening citizens' fundamental rights and in facilitating businesses by simplifying company procedures in the Digital Single Market so that they are able to benefit from the digital economy.

Under the new regulation, companies must keep a thorough record of how and when an individual gives consent for the storage and use of their personal data.  Consent will mean active agreement and can no longer be inferred from, for example, a pre-ticked box.  Companies that control how and why data is processed will have to show a clear audit trail of consent, including screen grabs or saved consent forms.

Individuals also have the right to withdraw consent, easily and swiftly, at any time.  When consent is withdrawn, all details must be permanently erased and not just deleted from a mailing list.  The General Data Protection Regulation (GDPR) gives individuals the right to the erasure of data.

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).  It also addresses the export of personal data outside of the European Union. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the European Union. When the GDPR takes effect, it will replace the data protection directive (officially Directive 95/46/EC) of 1995.

Unlike a directive, the new regulation does not require national governments to pass any enabling legislation and is therefore directly binding and applicable. Consequently, every citizen and every business and organisation that handles personal information is advised to obtain a legal opinion for compliance with the requirements of the law and prepare a database that completely conforms with the regulation.

Compliance with the new regulation does not have to be problematic, even if confronted with the multifaceted challenges of meeting the European Union's General Data Protection Regulation (GDPR) deadline of May 2018.  Pre-planned, effective legal advice will give you the time to organise your company or organisation and be ready for its observance by the end of May 2018.

The content of this article is intended to provide a general guide to the subject matter.  Specialist advice should be sought on each particular case.

For any further information, please contact , Lawyer, Director and Partner of the Paphos Office of the Firm.