Data Protection and Privacy

How should my organisation be thinking about data protection and privacy?

Data needs to be safe and secure, dealt with properly, but it also needs to be recognised as an asset and used by organisations in an ethical and appropriate way that retains trust in those whose data it is. Progress is dependent on safely exploiting the data you hold and unlocking the potential it presents.

The need to comply with GDPR and other local and international data privacy laws and regulations brings with it the opportunity to reconsider the data you have as the means to accelerate growth in your business and to solve some of society's biggest issues.

Identifying and securing data

It is of paramount importance to understand what data you have and to ensure it is properly recognised, secured and complies with governing legislation, such as GDPR. For example, you need to ensure that subject access requests can be complied with, without causing business issues in your own systems and processes; that you are, more simply put, data privacy fit.

How we can help

Out team has extensive practical experience to support you in a range of matters pertaining to data protection and privacy, including the following: 

• Appointment to the office of Data Protection Officer. 
  
• The preparation of data protection policies, information security policies, incident response procedures, registers of processing activities and performance of staff awareness trainings on basic principles of data privacy law and cyber security (physical workshops or e-learning options). 
  
• The drafting / review of privacy notices for employees and / or the business.
  
• The provision of legal advice / recommendations as regards, inter alia,  principles of processing and determining a lawful basis of processing, controller-processor relationships, transfers of personal data outside of the EEA, performance of a data protection impact assessments, designation of a data protection officer and data breaches. 
  
• The drafting / review of inter alia data transfer agreements, consent forms, controller/processor agreements, reviewing any agreement in place between the Company and its business affiliates for compliance with applicable data privacy law.
  
• The performance of data protection impact assessments and data protection risk assessments.
  

S. A. EVANGELOU & CO LLC is a member firm of PricewaterhouseCoopers International Limited (PwCIL) and part of the PwC’s Tax and Legal Services Network providing Legal Services in Cyprus.  It is a private company with limited liability by shares having its registered office at 43 Demosthenis Severis Avenue, PwC Central, 4th floor, CY-1080 Nicosia, Cyprus, and it was registered in Cyprus as a Lawyers’ Limited Company under reg. no. 233481. Lists of all Directors and practicing advocates are available at its registered office and/or at its website.