Website Screenshots by PagePeeker Personal Data Protection In Cyprus – Heres The Answers

Personal Data Protection In Cyprus


Personal data defines any information relating to a natural living person. Some illustrating examples are the number of our identity card, passport, date of birth, mailing address, email, etc. In many cases, individuals need to provide their personal data to third parties for many reasons, such as to order a product online, to request a service, to answer a survey, to open a bank account, to watch a film online, to buy a flight ticket, etc. However, has anyone asked if this information is stored and how is it processed?

Obviously, personal data protection impact to a great extent many aspects of professional, social and business life. Moreover, privacy has an impact on the private life of citizens. As a result, personal data protection is an important matter that needs to be addressed by public and private organizations while performing their daily operations.

In Cyprus, 'The Processing of Personal Data (Protection of the Individual) Law of 2001' (138 (I) 2001) regulates the collection, the process and the use of personal data. The particular law entered into force in 2001 in order to address privacy issues related to collection, storage, processing, distribution and use of personal data. Furthermore, the Law was amended in 2003 so that to harmonize the Cyprus legislation with the EU Directive 95/46 on the protection of individuals regarding the processing of personal data.

The business operations that are affected by Law 138 (I) 2001 are any operation that involves the collection, storage, organization, conservation, extraction, use, distribution and destruction of data. Here, the provisions of this Law apply to the processing of personal data entirely or partly by automatic means, and to processing other than by automatic means of personal data that sentence part of a filing system or are envisioned to be part of a filing system.

Which rights do individuals have concern about their personal data kept by third parties?

  • The right to information;
  • The right to access;
  • The right to rectification;
  • The right to object;
  • The right to compensation;

Conditions for lawful processing of personal data:

According to the provisions of the Law, the processing of personal data is permitted only if an individual give his / her consent.

However, it is also permitted without the consent of the individual in the following cases:

  • in case it is necessary for compliance with a legal obligation;
  • for the performance of a contract the individual is a party to;
  • to ensure the vital interests of the individual;
  • for purposes of public interest;
  • for the legitimate interests pursued by the controller or the third party, under the condition that such interests override the rights of the individual, interests and fundamental freedoms;

Sensitive Data:

It should be pointed out that 'sensitive data' denotes any information relating racial or ethnic background, political orientation, religious or philosophical convictions, participation in a body, association and trade union, health, sex life and erotic orientation as well as data relating criminal prosecutions or convictions.

According to the Law, sensitive data enjoy a greater level of protection since it is easier for people to experience discriminations based on these data. As a result, the Law provides that the processing of sensitive data is prohibited.

Neverheless, the processing of sensitive data is permitted under the following conditions:

  • if the individual has given his / her explicit consent, unless such consent has been obtained unlawfully;
  • in the case that data processing is necessary for the fulfillment of an obligation in the employment sector;
  • for the protection of vital interests;
  • within the context of the activities of an organization or union the individual is a member of;
  • for national or public security purposes;
  • for statistical, research, scientific and journalistic purposes;
  • in case data processing is associated with medical data and is performed by an individual who offers health services by profession and has a duty of confidentiality or is subject to relevant codes of conduct, under the condition that the processing is required for preventive medicine, medical diagnosis and the provision of health-care services.

AD2 (adsbygoogle = window.adsbygoogle || []).push({});

Source by Michael Chambers

Get the FREE eBook...
Enter your email address and click on the Get Instant Access button.
I agree to have my personal information transfered to MailChimp ( more information )
We respect your privacy

Leave a Reply

Your email address will not be published. Required fields are marked *