• On 6th April 2016, the European Union voted for the application of the General Data Protection Regulation with a final date for all Member States of the European Union on 25th May 2018. The new Regulation, with its implementation, repeals the earlier Directive 95/46 / EC which concerned the protection of personal data.

  • The Law of the Republic of Cyprus 125 (I) 2018 and GDPR 679/2016 explicitly stipulates that the use of CCTV must be in accordance with the principles of the law.

    Practically what does that mean?

    Every employer has the right to secure the assets of his business and, of course, the staff who work there, as well as third parties who may be moving in these premises. It is commonly accepted and clear that such measures limit and are considered dissuasive as to the achievement of notional purposes. There are incidents where a suspected person was identified and handed over to the authorities due to the use oc CCTV. Another part also concerns insurance companies that demand evidence to be able to pay the appropriate compensations.

    On the other hand, however, the use of CCTV constitutes a violation of privacy, especially when there is sound, where this is forbidden in every case.

  • Companies that collect data on citizens in European Union (EU) countries need to comply with strict new rules around protecting customer data. The General Data Protection Regulation (GDPR) sets a new standard for consumer rights regarding their data, but companies will be challenged as they put systems and processes in place to maintain compliance.

    Compliance will cause some concerns and new expectations of security teams. For example, the GDPR takes a wide view of what constitutes personal identification information. Companies will need the same level of protection for things like an individual’s IP address or cookie data as they do for name, address and Social Security number.

    The difference between the "Directive" and the "Regulation" is that the Regulations are binding, enforceable, fine-tuning laws. By decision of the Cypriot Parliament GDPR 679/2016 was officially enacted and institutionalized by the Republic of Cyprus. The Law 125(Ι) 2018, in Cyprus, was adopted for the purpose of effective implementation of certain provisions of the European Union Act entitled "Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on free movement of such data and for the repeal of Directive 95/46 / EC (General Data Protection Regulation) ".

    The regulation 679/2016 and the Cyprus Law 125(I) 2018, applies to any organization that collects, processes and stores personal data from EU citizens or a natural person residing in the EU or completing transactions within EU agencies.

    Some of the types that GDPR protects are the following:

    • Basic identity information such as name, address and ID numbers
    • Web data such as location, IP address, cookie data and RFID tags
    • Health and genetic data
    • Biometric data
    • Racial or ethnic data
    • Political opinions
    • Sexual orientation