On 28 May 2019 the Office of the Commissioner for Personal Data Protection (“Office of the Commissioner”) issued a circular providing statistics following one year since implementation of the EU General Data Protection Regulation (“GDPR”).
Since 25 May 2018 the Office of the Commissioner received in total 424 complaints. 135 of such complaints concerned advertising material (spam). A significant proportion of such complaints was attributed to non-authorised access, disclosure of personal data and non-satisfaction of the right to access. Additionally, certain complaints concerned the legitimacy of Closed Circuit Television (CCTV).
Moreover, the Office of the Commissioner received 49 notifications of violation of personal data and in turn issued 16 decisions. Financial sanctions in the sum of EUR36,900 were imposed in relation to 9 of such decisions.
Furthermore, the Office of the Commissioner received declarations for Data Protection Officers from 442 organisations in the public sector and 828 organisations in the private sector.
Importantly, the Office of the Commissioner carried out 9 discretionary on-site checks.
It is noteworthy that the Office of the Commissioner is the Head Independent Supervisory Authority for 12 cases of cross-border cooperation from a total 416 cases which have been registered in the relevant system and concern companies that have their main establishment in Cyprus.
Our firm helps SMEs and large organisations in a wide range of sectors to comply with the EU General Data Protection Regulation, national legislation, and the relevant guidelines of the European Data Protection Board and the local Commissioner for Personal Data Protection. Our associates focus on technology and cybersecurity aspects to cover all angles of the necessary exercise, in line with the rapid shifts in technological disruption.
Please do not hesitate to contact us if you require any related advice or support.