fbpx
Picture of M. Paraschou Law

M. Paraschou Law

GDPR – PERSONAL DATA PROTECTION: Part 1

What is ‘Personal Data’?

In a society where ‘information is power’, it is crucial for businesses to ensure the safe-keeping of personal data in relation to their employees, clients and associates.

What is considered to be Personal Data? What is the infamous GDPR, what does it cover, who does it apply to and what about penalties and fines?

What does the term ‘Personal Data’ mean?

Personal Data refers to any information relating to an identified or identifiable natural person. The term, therefore, concerns any data which on its own directly identifies, or can be used to indirectly identify, when combined with other information, a natural person.

Following from the above, the information below (among other) falls within the definition of Personal Data:

  • Name
  • ID or Passport Number
  • Address
  • Email & Phone Number
  • IP Address

The information specified below is classified as sensitive, or Special Category Data, for which a higher standard of protection is applied:

  • Racial or ethnic origin
  • Political opinions
  • Religious or philosophical beliefs
  • Trade union membership
  • Genetic data
  • Biometric data for the purpose of uniquely identifying a natural person
  • Data concerning health, sex life or sexual orientation
  • Data relating to criminal convictions and offences 

What is the infamous GDPR?

The General Data Protection Regulation (or in short, the GDPR), is a European Union regulation enacted in May 2018, to enhance data protection and privacy for individuals in the EU and the European Economic Area. The Law for the Protection of Natural Persons with regard to the Processing of Personal Data and for the Free Movement of such Data of 2018 (Law 125(I)/2018) has been enacted for the effective implementation of the GDPR provisions in Cyprus.

The GDPR grants individuals (the ‘Data Subjects’) more control over their Personal Data by providing them specific rights, and imposes strict obligations on legal and natural persons who control such data (the ‘Data Controller’). This regulation applies (1) to the processing of Personal Data by a Data Controller who is based in the EU, regardless of whether the data processing takes place within or outside the EU, and (2) to Data Controllers established outside the EU who process Personal Data for the provision of goods or services to Data Subjects located in the EU or the EEA, or who monitor the behaviour of Data Subjects within the EU.

Looking to find out more? Contact our team at info@ paraschou.com.cy

Share this post

Contact Us

Receive the latest news

Subscribe to our newsletter

Sign up for the monthly newsletter and never miss an update.