We use cookies for statistical purposes.

Our Articles

Data Protection Law in Cyprus

Data Protection Law in Cyprus

The data protection legislation in Cyprus takes into account the protection of information provided by natural persons and legal entities on the Cypriot territory. Because Cyprus is a member state of the European Union (EU), the local authorities have implemented in the national legislation the EU’s Data Protection Directive 95/46/EC on the processing of personal data. Persons who are interested in the provisions of the legislation can find out more details on the matter from our lawyers in Cyprus

The provisions of the Cypriot data protection legislation  

The local authorities have created the legislation with the purpose of providing a legal framework which will protect the legal rights of the natural persons and legal entities in Cyprus. It provides a comprehensive image on the ways in which personal data can be collected, processed and transferred

The main authority which controls the enforcement of the data protection law is the Office of the Commissioner for Personal Data Protection

The legislation provides a clear understanding on what personal data means, which represents all types of information related to the private life of a person, such as the home address or personal phone number, the bank account, e-mail address and many others. 

The Cypriot legislation also prescribes definitions of the “sensitive data”. The term refers to personal information related to a persons’ ethnicity, political orientation, health, sexual orientation or religion. 

The legislation is applicable to all entities in Cyprus, including foreigners who live here for work purposes or those who want to obtain the Cypriot residency. Those who need more information on the broad meaning of personal data and the ways in which it is protected can receive assistance from our attorneys in Cyprus

Data controllers in Cyprus  

Legal entities which act as data controllers in Cyprus are required to register with the Office of the Commissioner for Personal Data Protection and the procedure is compulsory for all types of data controllers. The respective entity must provide details on the business address, the main reasons for which the data must be collected, the period in which such information will be collected and many others. 

Data can be collected in Cyprus only if the respective companies or institutions provide evidence referring to the persons’ consent on such actions. 

Those who need to receive more details on the data protection law in Cyprus are invited to contact our Cypriot law firm