Announcement of the Commissioner for Personal Data Protection for the carrying out compliance checks with the General Regulation on Data Protection

The Commissioner for Personal Data Protection (the “Commissioner”) has announced on 13 July 2020 that in accordance with the provisions of article 51(7)(a) of the General Data Protection Regulation (“GDPR”) to “monitor and enforce the implementation” of the GDPR and in exercising its investigative powers under the provisions of article 58 (1)(b) of the GDPR “to conduct investigations in the form of data protection audits”, has commenced investigations on private companies. The purpose of these audits is to assess the level of compliance of companies with the GDPR and the practices and procedures adopted by the companies, as well as, to keep records of the procedures adopted by the companies.

These audits are part of the general framework of auditing the compliance of specific sectors of the private sector with the GDPR and concern small and medium businesses in Cyprus. The audits consist of a legality and a technical audit, and are carried out by completing, by the audited entities, an electronic questionnaire.

The Commissioner notes in her announcement that the completion of the audits and the analysis of the results, will provide a clear picture as to the level of compliance of small and medium-sized businesses with the GDPR, which will then be announced to the public.

Our firm specialises in all aspects of data protection and privacy law and is able to assist organisations with achieving compliance with data protection and privacy legislation.