8:00 - 19:00

Our Opening Hours Mon. - Fri.

+357 25 660 092

After Hours Call +357 99 345 000 Call Us For Free Consultation

Facebook

Twitter

LinkedIn

 

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001

Michalaki, Pitsillidou Law Firm > English Articles  > THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001

The purpose of the Law 138(I)/2001is to protect the fundamental rights of citizens and to address privacy issues arising out of the collection, storage, processing and use of personal data.

At the same time, the Article 8 of European Convention on Human Rights includes the right to respect for private life.

According to the abovementioned law which is harmonized with the European directives, “personal data” means: any information relating to a living data subject. ‘Sensitive data’ are data concerning racial or ethnic origin, political opinions, religious or philosophical beliefs, participation in a union, health, sexual life and orientation, as well as anything relevant to criminal prosecutions or sentencing. Consolidated data of a statistical nature, from which the data subject cannot be identified, are not considered to be personal data.

  • A ‘data controller’ is any person who determines the purpose and means of the processing of personal data.
  • A ‘data processor’ is any person who processes personal data on behalf of the controller. Acting on behalf of someone means serving someone else’s interests and recalls the legal concept of ‘delegation’. In the case of data protection law, a processor is called to implement the instructions given by the data controller at least with regard to the purpose of the processing and the essential elements of the means.
  • A ‘data subject’ is a natural person to whom the data refer and whose identity is known or can be directly or indirectly ascertained, in particular on the basis of his identity number or on the basis of one or more relevant elements which characterise his existence from a physical, biological, psychological, economic, cultural, political or social point of view.
  • A ‘third party’ is any person other than the data subject, the data controller and the data processor and the persons who, under the direct supervision or on behalf of the controller, are authorised to process the personal data.

The collection and processing of sensitive data is prohibited. But when one or more of the following conditions are fulfilled then:

  1. The data subject has given his explicit consent, unless such consent has been obtained illegally or is contrary to accepted moral values or a specific law provides that consent does not lift the prohibition.
  2. Processing is necessary so that the controller may fulfill his obligations or carry out his duties in the field of employment law.
  3. Processing is necessary to protect the vital interests of the data subject or of another person where the data subject is physically or legally incapable of giving his consent.
  4. The processing relates solely to data which are made public by the data subject or are necessary for the establishment, exercise or defence of legal claims before the Court.

(Not exhausted list)

The DATA PROTECTION AUTHORITY is the Office of the Commissioner for the Protection of Personal Data. The Commissioner is a public independent administrative authority and its primary objective is to apply the Law and to ensure that every individual’s right to privacy is protected when personal data are processed.

For more information and guidance get in touch with our lawyers or email iMPK Global Business Law Firm – Cyprus Lawyers, at info@impklawyers.com .Tel. +357 99345000 – Fax +357 25 660097

No Comments

Leave a Comment

Translate »
GET IN TOUCH