One Year of GDPR: The Aftermath in Cyprus and abroad

06 Jun 2019

The 25th May 2019 marked the one-year anniversary of the General Data Protection Regulation (GDPR). Administrative fines, data breach notifications, complaints and Data Protection Officer (DPO) appointments from private and public sector Organizations have been recorded in Cyprus.

During this year the Office of the Cyprus Commissioner for Personal Data Protection have received plenty of complaints about marketing messages, unauthorized access/disclosure of personal data, not responding to the right of access request, and the lawfulness of the Closed-Circuit Television systems. In addition, 49 data breach notifications have been recorded. The office of the Commissioner imposed 9 fines totalling €36.900 while it issued 16 decisions on Data Protection issues and conducted several own initiative investigations. A part of the private and public sector organisations appointed a Data Protection Officer.

The EU Data Protection Authorities (DPAs) have shown strong implementation and fined 91 Organisations for GDPR violations in this first year. The sum of fines amount to approximately €56 million, including €50 million against a single Company. The EU DPAs tended, at the beginning of GDPR’s enforcement phase, to adopt a constructive approach, as they did not wish to put companies out of business with fines so high that a company would be incapable of fixing the problem. They aimed at incentivizing companies to comply with the GDPR, advising them that if they do not, this lenient approach will change and the fines will inevitably get higher.

GDPR has become a part of our lives and it is here to stay. The era of leniency, as the public comments suggest, is about to change and companies are expected to embed GDPR and a data protection culture into their business cores.

GDPR compliance is an ongoing challenged process, requiring time, dedication and commitment. Companies need to adopt a GDPR compliance program which is customised to their business needs and ensure that they are keeping aligned with GDPR requirements, guidelines and enforcement decisions from DPAs.

One of the biggest challenge of GDPR compliance is that it requires financial and employee sourcing or outsourcing. Choosing the right people to assume the Compliance project is not easy. It is observed that the threat of high fines for non-compliance has drawn the Companies’ attention to GDPR and increased the demand for privacy professionals to engage this project. According to a new research of the International Association of Privacy Professionals (IAPP) estimates that 500,000 European organizations have registered data protection officers (DPOs) within the first year of the GDPR. Since organizations are permitted to use external DPOs who in turn may serve multiple organizations, the IAPP expects the number of actual DPOs to be lower than the total count of organizations.

Making efforts to comply with GDPR and change the culture within your business, despite the workload and costs associated ‘’offers a payoff down the line, not just in better legal compliance, but a competitive edge’’ as the UK Information Commissioner Elizabeth Dedham said at the recent Data Protection Practitioners Conference. She also elaborated by saying that:


“Whether that means attracting more customers or more efficiently meeting pressing public policy needs, I believe there is a real opportunity for organisations to present themselves on the basis of how they respect the privacy of individuals. Over time this can play a real role in consumer choice.”

MORE RELATED NEWS

Saudi Arabia Data Protection Compliance: National Register for Controllers and Data Protection Officer Requirements
Raphael Legal and Privacy Minders Author the Cyprus Chapter in the ICLG Data Protection Guide 2024
How IAB Europe TCF v2.2 Enhances Digital Advertising Privacy Compliance
ENISA Report on Engineering Personal Data Protection in EU Data Spaces
Larnaca, Cyprus

32 Konstantinou Paleologou Street,
The Square, 2nd Floor,
6036 Larnaca, Cyprus

London, United Kingdom

71-75 Shelton Street
London WC2H 9JQ
United Kingdom

Get in touch

Tel: +357 24 32 33 33
Email: info@privacyminders.com

Click here to Subscribe