August 30, 2019

Data Privacy Compliance

The EU General Data Protection Regulation (“GDPR”), which was implemented over a year ago, substantially changed data privacy rules. By now, organisations in the EU, and organisations outside the EU which process personal data of EU residents, should be in a position to demonstrate that they fulfil the necessary requirements for compliance.

Key issues and practical considerations arise which affect the majority of organisations and address gaps in compliance. For instance, organisations should assess any non-EU entities that process personal data of EU residents and any third-party processors, determine their “main establishment” if they have establishments in more than one EU Member State, and implement effective internal systems, safety controls and technical measures that comply with the GDPR, as well as a privacy policy.

It is particularly important for organisations to increase awareness through training of all stakeholders involved and to assess whether they should appoint a Data Protection Officer (“DPO”) and set up a Privacy Office. The DPO should be able to provide the organisation with day-to-day independent advice in relation to the GDPR.

Additionally, given the focus of the GDPR on accountability, a Data Privacy Impact Assessment should be carried out by organisations in certain circumstances in order to evaluate if specific processing may entail a high risk for the rights and freedoms of individuals.

Of course, the competent regulatory authority plays a crucial role in the implementation and enforcement of the GDPR and corresponding national legislation, as well as the respective guidelines, and should be consulted as appropriate.

  • Data Security and Privacy Awareness
  • Data Protection Implementation and Compliance
  • Privacy Policy and Notice
  • Data Privacy Impact Assessment
  • Data Protection Officer
  • Data Security and Privacy Management
  • Technology and Cybersecurity


Our firm helps SMEs and large organisations in a wide range of sectors to comply with the GDPR, national legislation, and the relevant guidelines of the European Data Protection Board and the local Commissioner for Personal Data Protection. Our associates focus on technology and cybersecurity aspects to cover all angles of the necessary exercise, in line with the rapid shifts in technological disruption. We advise on the appropriate safeguards that must be implemented in the Digital Age, particularly considering the substantial risks and potential consequences involved.

Please do not hesitate to contact us if you require any related advice or support.

Copyright © 2020 K. A. Kourtellos & Co LLC
K. A. Kourtellos & Co LLC is regulated by the Cyprus Bar Association