K. A. Kourtellos & Co LLC has been selected as the winner in the category – Data Protection Law Firm of the Year in Cyprus – 2020 for the 11th Annual Global Legal Experts Awards.

Our firm was awarded after GLE conducted its extensive nomination and research process, where the shortlisted candidates were judged on client testimonials, key cases, overall reputation, publication contributions, speaking engagements and the performance and standing of teams and individual lawyers.

GLE is one of the world’s leading online resources for locating specialist legal advisers for the services required by businesses, investors and individuals around the world.

Our Data Protection Practice Group

Our Data Protection practice group helps SMEs and large organisations in a wide range of sectors to comply with the GDPR and national legislation, and the relevant guidelines of the Commissioner for Personal Data Protection.

Our technical associates focus on technology and cybersecurity aspects to cover all angles of the necessary exercise, in line with the rapid shifts in technological disruption.

We advise on the appropriate safeguards that must be implemented in the Digital Age, particularly considering the substantial risks and potential consequences involved.

Please do not hesitate to contact us if you require further information or support on such matters.

Find out more here.

On 11 December 2019 the European Commission communicated the European Green Deal (“Green Deal”) for the EU and its citizens that aims to reset the Commission’s commitment to tackling  climate and environmental-related challenges, toward sustainable and inclusive growth.

The Commission has prepared concrete actions that will offer a strong basis for the Green Deal. It is an integral part of the Commission’s strategy to implement the UN 2030 Agenda and the Sustainable Development Goals. Benefits include zero pollution, affordable and secure energy, smarter transport and high-quality food. Further policy areas include the following:

Clean energy - Opportunities for alternative, cleaner sources of energy
Sustainable industry - Ways to ensure more sustainable, more environmentally-respectful production cycles
Building and renovating - The need for a cleaner construction sector
Sustainable mobility - Promoting more sustainable means of transport
Biodiversity - Measures to protect our fragile ecosystem
From Farm to Fork - Ways to ensure more sustainable food systems
Eliminating pollution - Measures to cut pollution rapidly and efficiently

The Green Deal aims to respond to these challenges through a new growth strategy that will transform the EU into a fair and prosperous society, with a modern resource-efficient and competitive economy where there are no net emissions of greenhouse gases in 2050 and where economic growth is decoupled from resource use. It also aims to protect, conserve and enhance the EU’s natural capital, and protect the health and well-being of citizens from environment-related risks and impacts.

This transition however must be just and inclusive, by putting people first and paying due attention to the key regions, industries and workers who face the greatest challenges. Needless to say that active public participation and consultation in decision-making, as well as transparency and accountability must be the main drivers of such ambitious exercise. In fact, the Commission will launch a European Climate Pact by March 2020 to focus on three ways to engage with the public on climate action.

Please find below Figure 1 that illustrates the various elements of the Green Deal (Source: https://bit.ly/393A5iR):

More specifically, to deliver the Green Deal, the Commission set out the following transformative policies and new initiatives:

The EU continues to be a leading forerunner in promoting and implementing environment, climate and energy policies. However, it cannot undertake such tremendous task alone and, therefore, cooperation by all Member States, other countries and all relevant stakeholders is imperative. As the world’s largest single market the EU can continue to set global standards. Ultimately, we must all work together in the best interest of current and future generations.

On 13 January 2020 the Cyprus Office of the Commissioner for Data Protection (“Commissioner”) announced its Decisions for the period October – December 2019. Key issues and practical considerations arise which impact the majority of organisations and address gaps in compliance with the EU General Data Protection Regulation (“GDPR”).

The GDPR and national legislation substantially changed data privacy rules. By now organisations in the EU or organisations outside the EU which process personal data of EU residents should be in a position to demonstrate that they fulfil the necessary requirements for compliance.

Please find below outline of the Commissioner’s decisions for the period October – December 2019:

1.Financial fines in total amount of EUR82,000 to a travel and tourism Group of companies for breach of obligations under articles 6(1) and 9(2) of the Directive

In assessment of the fines various factors were considered including, the number of data subjects (total number of employees), the nature and the duration of the breach as well as the work cycle of the Group of companies.

The Group of companies used the Bradford Factor as a means for HR to assess employees’ absenteeism due to sickness-related reasons. The main rationale of the automated system using the Bradford Factor is that short, regular and unplanned absences can be more disorganising than larger absences. Following assessment of all data collected by the Commissioner to examine the matter and having heard the data controller, the Commissioner ultimately deemed that the processing in question lacked a legitimate basis and, therefore, must be terminated and the data erased.

For a synopsis of the rationale of the decision please visit the website of the Commissioner: https://bit.ly/2uIaOfg

2.Fine of EUR9,000 for personal data breach by public authority

The Commissioner examined the matter further to publications in the media in relation to public authorities and organisations in their capacity as the data processor of the automated SI system in a matter concerning a breach of personal data of a number of natural persons in their data base. The Commissioner requested confirmation, description of circumstances in relation to the incident, the nature of the breach, the proposed measures to minimise effects, the consequences of the breach and the security measures in force, as well as the reasons for which they did not operate or were not effective, to avoid the incident.

Ultimately, the Commissioner concluded that their was a breach of the Directive given lack of security measures and several reasons including, omission of the authority to provide the Commissioner with a comprehensive report in relation to the relevant security incident. Further details on the matter can be found at the website of the Commissioner at: https://bit.ly/2uIaOfg.

3.The Commissioner examined two complaints filed against a company with main establishment in Cyprus

The complainants did not receive a response by the data controller within the timeframe provided by the Directive. Nonetheless, the Commissioner ultimately decided - on the basis of the explanations provided and actions taken by the company in question to address the issues - not to impose an administrative fine to the data controller (without prejudice in the event of future complaints for the same issue).

Please visit the website of the Commissioner at the following link for the full decision of this incident: https://bit.ly/2uIaOfg.

4.Complaint against a company that has its main establishment in Cyprus

The data subject filed a request for erasure at the company where he was previously employed. The company in question responded that certain of the data was erased, whereas other data will be stored for tax and VAT compliance purposes, and in the best interests of the company in the event of legitimate claims in accordance with Law on Limitation of Actions, (66(I)/2012).

The Commissioner ultimately deemed that the purposes of the data controller were indeed legitimate. Please see the website of the Commissioner at the following link for more information on this decision: https://bit.ly/2uIaOfg.

5.Complaints against a doctor member of GESY for registering clients without consent

The doctor claimed that it occurred by omission as a doctor of the relevant football game and team, albeit without consent, and bad communication with the relevant football team.

Despite the final erasure of their data, the Commissioner concluded that there was a breach of article 9(2)(a) of the GDPR and imposed, whereas the doctor was informed that if similar breach occurs in the future, it will be considered as an aggravating factor.

6.Receipt of marketing material without a free toll number for termination of the messages, despite already having complained against the same data controller

In the framework of examining the matter, the data controller claimed amongst other things that the number of the complainant had been removed however for technical reasons the system provider did not operate and that the system provider did not offer a free toll termination number.

Given the various mitigation factors concerned, including that there was no previous complaint at the Commissioner against the same data controller from any other data subject, a fine of EUR1000 was imposed.

7.Receipt of marketing material despite having already complained on the same issue against the same data controller

Upon examination of the matter, the data controller claimed that the dispatch was by omission given the previous responsible officer did not inform management on dispatch of the messages, hence the new responsible officer did not have the informed list of messages dispatched.

The Commissioner concluded that the data controller was obliged to undertake appropriate technical and organisational measures so that the claims of data subjects are respected, regardless if other members of staff had changed.

As a result the data controller was fined EUR1200.

8.Report against a company with main establishment in Cyprus

To participate in a game the data subject created an online account on the website operated by the relevant company. The data subject thereafter attempted to delete the account created. The company however suggested deactivation of the account, without satisfying the request for erasure.

Following examination of the complaint the company responded that it is obliged to maintain certain data for a particular timeframe, to comply with the provisions of relevant legislation. However, it ultimately confirmed the erasure of the data of the data subject, given that such erasure would not breach the provisions of any legislation.

Having examined the company’s Privacy Policy the Commissioner established that the information contained therein was not satisfactory in relation to the rights of data subjects and requested review and notification of the Privacy Policy accordingly.

Our Data Protection practice group helps SMEs and large organisations in a wide range of sectors to comply with the GDPR and national legislation, and the relevant guidelines of the Commissioner for Personal Data Protection.

Our technical associates focus on technology and cybersecurity aspects to cover all angles of the necessary exercise, in line with the rapid shifts in technological disruption.

We advise on the appropriate safeguards that must be implemented in the Digital Age, particularly considering the substantial risks and potential consequences involved.

 

Please do not hesitate to contact us if you require any related advice or support.

Find out more here.

On 17 January 2020 the proposed legislation governing rentals through online Airbnb-type platforms was approved by Cyprus MPs to regulate short-term rentals which must be registered.

This ends unlicensed short-term accommodations since a register shall be created and managed by the Deputy Ministry of Tourism. Importantly, it will not be necessary for flat owners who operate Airbnb-type rentals to obtain the consent of the building’s management committee, however permission will need to be obtained from the Deputy Ministry of Tourism.

As a result, the strong tourism industry of Cyprus will be enhanced, given that Airbnb-type rentals will now be supervised and comply with H&S criteria accordingly. Nonetheless, hoteliers have expressed major concerns as regards unfair competition, considering that the new legislation permits owners of short-term rental accommodation to compete without any hindrance.

Cyprus is a popular tourist destination worldwide, boasting natural beauty, excellent climate and luxury resorts, as well as marinas in all coastal cities and the integrated casino resort in Limassol. In fact, Hospitality & Tourism constitute a key sector in Cyprus with the following features among many others:

K. A. Kourtellos & Co LLC is an independent, Cyprus-based law firm. We are trusted counsel to individuals, families, and businesses worldwide.

Our areas of expertise are Corporate & Commercial, Private Client, Real Estate & Infrastructure, Energy, Banking & Finance, Technology, IP & Data Protection, Dispute Resolution, Reputation and Crisis Management, Environmental and Shipping.

 

Please do not hesitate to contact us if you require further information or support on such matters.

On 17 January 2020 the Cyprus Bar Association (“CBA”) issued its new AML Directive pursuant to section 59(5) of the Prevention and Suppression of Money Laundering and Terrorist Financing Law of 2007 (188(I)/2007) as amended (“Law”).

The CBA was appointed by the Council of Ministers on 7 March 2001 as the Supervisory Authority for lawyers in accordance with section 59(4) of the Law.

In line with the EU Directive 2015/849 of the European Parliament and of the Council of 20 May 2015, the Law constitutes the obligations and responsibilities for implementation by professionals of measures against money laundering and combating terrorist financing activities. Whereas, the Directive addresses statutory and professional requirements as regards the avoidance, recognition and reporting of money laundering and terrorist financing activities.

The following were considered for the purpose of preparing the Directive, which replaces the Directive issued by the CBA in 2013:

You may view the Directive at https://bit.ly/2RBnHzl

This further establishes Cyprus as a compliant business jurisdiction. As a member of the European Union since 2004 and the Eurozone in 2008, Cyprus enhanced its role as robust and reliable destination for key players in various industries and sectors. Cyprus is rapidly growing and enhancing its reputation as a reliable financial and capital management centre. Major conglomerates have established their headquarters and expanded their business activities in Cyprus, given its extremely competitive commercial advantages.

K. A. Kourtellos & Co LLC is an independent, Cyprus-based law firm. We are trusted counsel to individuals, families, and businesses worldwide.

Our areas of expertise are Corporate & Commercial, Private Client, Real Estate & Infrastructure, Energy, Banking and Finance, Technology, IP & Data Protection, Dispute Resolution, Reputation and Crisis Management, Environmental and Shipping.

 

Please do not hesitate to contact us if you require further information or support on such matters.

The EU General Data Protection Regulation (“GDPR”) which was implemented over a year ago substantially changed data privacy rules. By now organisations in the EU or organisations outside the EU which process personal data of EU residents should be in a position to demonstrate that they fulfill the necessary requirements for compliance.

The President of the Republic of Cyprus, Mr. Nikos Anastasiadis, received today at the Presidential Palace the 2018 annual report (“Report”) of the Office of the Commissioner for Personal Data Protection. Delivering the Report, Data Protection Commissioner Ms. Irini Loizidou said the report "reflects the Office's activities since the full implementation of the European Regulation and clearly shows how people have accepted the Regulation, that is, both natural and legal persons".

Of course the competent regulatory authority plays a crucial role in implementation and enforcement of the GDPR and corresponding national legislation as well as respective guidelines, and should be consulted as appropriate.

Ms. Loizidou added that with implementation of the Regulation "there are many obligations, rights are strengthened and this is clearly demonstrated by the doubling of complaints and questions received and investigated by the Office." Ms. Loizidou also noted that the Office of the Commissioner is continuing its work at an intensive pace "to fully implement and ensure compliance with the Regulation in relation to the public and private sectors", adding that "the challenges are many and they multiply, and we are capable of serving society".

The President of the Republic of Cyprus, after congratulating the Commissioner on the work she has carried out, said that "the image has finally been established that there are finally institutions which, in the performance of their duties, are implementing legislation of a very strict importance, or with strictness for the importance they underlie.” And it is precisely that, in consideration of these strict provisions of the law, we have proceeded in order to facilitate the administration of justice by the law which I hope will pass by the Parliament on the 17th of the month, under which, under strict conditions, with approval by the Attorney General and by court order, telephone suspects will be monitored for committing crimes. And this is a significant improvement in the resolution, but also in the administration of justice. It is within the same context, too, that the major reform of the administration of justice is included and, therefore, taking into account a series of laws that we have introduced I believe will make a significant contribution to restoring the sense of law, to improving personal data conditions, but also to protect the privacy of every citizen, while not overlooking at the same time contributing and finally helping to improve the timeframe of serving justice. "

Key issues and practical considerations arise which impact the majority of organisations and address gaps in compliance. For instance, organisations should assess any non-EU entities that process personal data of EU residents, third party processors, determine their “main establishment” if they have establishments in more than one EU Member State and implement effective internal systems, safety controls and technical measures that comply with the GDPR, as well as a privacy policy.

It is particularly important for organisations to increase awareness through training of all stakeholders involved and to assess if they should appoint a Data Protection Officer (“DPO”) and set up a Privacy Office. The DPO should be able to provide to the organisation day-to-day independent advice in relation to the GDPR. Additionally, given the focus of the GDPR on accountability, a Data Privacy Impact Assessment should be carried out by organisations in certain circumstances in order to evaluate if specific processing may entail a high risk for the rights and freedoms of individuals.

Our firm helps SMEs and large organisations in a wide range of sectors to comply with the GDPR, national legislation, and the relevant guidelines of the European Data Protection Board and the local Commissioner for Personal Data Protection. Our associates focus on technology and cybersecurity aspects to cover all angles of the necessary exercise, in line with the rapid shifts in technological disruption. We advise on the appropriate safeguards that must be implemented in the Digital Age, particularly considering the substantial risks and potential consequences involved.

 

Please do not hesitate to contact us if you require any related advice or support.

On 16 December 2019 the European Commission approved under EU state aid rules the Cyprus maritime transport scheme. The scheme is ultimately intended to encourage ship registration in Europe and contribute to the global competitiveness of the maritime sector without unduly distorting competition

Following assessment under its Guidelines on State aid to maritime transport (“Maritime Guidelines”), the Commission adopted a decision concerning the prolongation of a tonnage tax and seafarer scheme in Cyprus, which is in line with its interpretation of the Maritime Guidelines.

As regards the Cyprus tonnage tax scheme, the Commission established that it complies with the rules limiting tonnage taxation to eligible activities and vessels. Additionally, as regards  taxation of dividends of shareholders, the Commission established that it ensures that shareholders in shipping companies are treated in the same way as shareholders in any other sector. In addition, as regards the Cyprus seafarer scheme, the Commission found that Cyprus agreed to apply the benefits of the scheme to all vessels flying the flag of any EU or EEA Member State.

The favourable EU-approved tonnage tax regime for shipping activities in Cyprus contributes to its appeal as an international maritime centre. In addition, the Cyprus Yacht VAT and leasing scheme applies to pleasure yachts accordingly. In conclusion, the scheme aims to preserve Europe’s high social, environmental and safety standards, and ensure a level playing field in the industry.

Important developments constantly reshape the shipping industry, which ultimately adapts to the new requirements. Particularly given the uncertainty of the future, the relevant players need custom-made, long-term solutions for their commercial operations.

The coastal business centre of Limassol is still a well-regarded and long-established ship registration, finance and management centre. It is home to numerous prestigious shipping companies, agents, distributors and managers. Limassol has a long history as a trustworthy hub for shipping business between Europe, Asia and Africa. In fact, Limassol caters for more than 200 companies related to shipping ranging from ship ownership, management, insurance, finance, brokerage, bunkering, chartering and maritime training, amongst others.

Moreover, the Cyprus Alternative Investments Funds and the Cyprus Investment Programme regimes give way to investment in shipping activities.

Our firm advises on the appropriate legal structure and financing vehicle for shipping activities, and all ancillary matters.

Please do not hesitate to contact us if you require further information or support on such matters.

On 13 December 2019 Cyprus and a multinational consortium signed a contract to build a EUR290mln LNG terminal in Cyprus for the import of liquified natural gas for electricity generation.

The Cyprus natural gas infrastructure company (ETIFA, subsidiary of Natural Gas Public Company) signed the contract with the consortium consisting of METRON S.A. (Greece), Hudong-Zhonghua Shipbuilding Co Ltd (China) and Wilhelmsen Ship Management Ltd (Norway). The consortium is led by China Petroleum Pipeline Engineering Co Ltd.

It is estimated that this energy project will be completed by 2022 and will have an operational expenditure (Opex) at EUR10.5mln per year. It will include a floating storage and regasification unit (FSRU), a jetty for mooring the FSRU, a jetty-borne gas pipeline and ancillary infrastructure. It is also envisaged to develop a gas pipeline from Israel’s Exclusive Economic Zone to Cyprus.

Cyprus secured a EUR101mln grant from the European Union pursuant to the Connecting Europe Facility (CEF), the Cyprus Electricity Authority will further contribute EUR43mln and ETIFA will fund the remaining part with secured financing from the European Investment Bank (EIB) and the European Bank for Reconstruction and Development.

The operation of the LNG terminal in Cyprus will enhance energy security and efficiency in the region through diversification of energy production and competitive practices, as well as significantly reduce Cyprus’ carbon footprint.

Following years of efforts and commitment, this project undoubtedly propels Cyprus in the natural gas era. Needless to say the project must adhere to the highest standards and strictest qualitative, quantitative and financial criteria, along with the requisite precautionary environmental measures being put in place to safeguard the natural habitat.

Importantly, there has also been remarkable progress in the development of renewable energy projects, including photovoltaics and wind farms. Electricity from renewable sources is widely encouraged in Cyprus through a number of local and EU policies that support development, installation and use of RES installations.

Cyprus therefore has significant potential to play a key role as an energy hub in the Mediterranean, however must simultaneously aim to meet expectations for Climate Change targets and Sustainable Development goals.

Further to the agreement on the implementation guidelines of the Paris Climate Change Agreement at COP 24 in Poland in 2018, UN Climate Change Conference COP 25 is designed to take the next critical steps in the UN climate change process. The key objective of the conference is to complete certain matters as regards the full operationalisation of the Paris Agreement.

COP 25 is taking place between 2 – 13 December 2019 under the Presidency of the Government of Chile is held with support from the Government of Spain.

Furthermore the conference aims to build momentum ahead of 2020, when countries are committed to submit updated national climate action plans. Important climate action work will be undertaken in areas including finance, transparency of climate action, forests and agriculture, technology, capacity building, loss and damage, indigenous people, cities, oceans and gender.

The conference also includes the fifteenth session of the COP serving as the meeting of the Parties to the Kyoto Protocol, and the second session of the COP serving as the meeting of the Parties to the Paris Agreement. It will also present the body of climate action already carried out by non-party stakeholders and help stimulate the action of regions, cities, businesses, investors and civil society.

Environmental law and policies constantly evolve as an integral part of processes worldwide. Given the ongoing course of globalisation, a carefully balanced exercise is required by all stakeholders of a business to comply with environmental regulation. The environmental legal framework must be strategically used to combat critical environmental problems, in the best interest of current and future generations.

K. A. Kourtellos & Co LLC is committed to respecting the economy, our community and the environment, in the best interest of all stakeholders. This Policy starts from the Firm, in line with our strongly embedded Culture, Initiatives and Principles. Corporate Social Responsibility is an important priority for the Firm and our business approach contributes to sustainable development by delivering economic, social and environmental benefits.

The 7th Cyprus Banking Forum was held on 29 November 2019 at the Landmark Hotel in Nicosia, Cyprus. This event brought together established peers from the financial services sector. It addressed the latest developments in the banking industry and provided an overview of today’s banking ecosystem. The attendees had an opportunity to discuss the up-to-date key strategic issues of importance to banking professionals including global and European banking trends, consumer and retail banking in Cyprus, and the role of IT in the Digital Transformation journey of banks today.

The audience consisted of Board Members, CEOs, CFOs, CROs, MDs, Finance Directors, CRM Managers, Marketing, HR and IT Managers and other senior executives in the financial services arena, ranging from commercial and retail banks, investment, fiduciary and law firms to insurance companies and asset management firms (pension funds, UCITS, AIFs), as well as representatives from relevant local competent authorities and state authorities.

Of course, the Cyprus banking system has several reforms underway with significant challenges ahead, considering the European macro environment and the local economy, as well as the recent crisis. Overall there is a new vision for the Cyprus economy with contribution from the banking sector: achieving accelerated growth until 2030. Increased regulatory and legal measures continue to tighten the banking industry, particularly through Client Due Diligence on-boarding processes, which must be streamlined for efficiency and risk purposes.

The ongoing transformation of the banking sector ultimately adds value to the customer. However, risks and challenges such as IT, Cybersecurity and Data Protection are critical for a successful transition into the next decade of banking. Nonetheless, new and emerging innovative technologies are expected to revolutionise the worldwide financial services industry. Needless to say that such competitive developments must contribute to a beneficial and smooth business relationship between banks and customers.

LEGAL NOTICEPRIVACY POLICYCOOKIES INFORMATIONCORPORATE RESPONSIBILITYCAREERS
Copyright © 2020 © K. A. Kourtellos & Co LLC
K. A. Kourtellos & Co LLC is regulated by the Cyprus Bar Association
magnifiercrossmenuarrow-up linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram