GDPR Compliance: Notification of Data Breaches – Cyber attacks
Polina Christodoulou and Vasilis Charalambous 10:00 - 16 March 2023
As a business owner in Cyprus and in light of the recent cyber-attacks to the University of Cyprus and the Land Registry Department, it is important to understand your responsibilities when it comes to data protection and the notification of data breaches or hacking incidents. The General Data Protection Regulation (GDPR) sets out strict obligations and guidelines for companies to follow in the event of a data breach.
In the event of a serious data breach or hacking incident, the first step is to notify the relevant authorities. According to the GDPR you should inform the Office of the Commissioner for Personal Data Protection without undue delay and, where feasible, not later than 72 hours after having become aware of it. You should also report the incident to the Cyprus Police Cybercrime Subdivision the Office for Combating Cybercrime which is responsible amongst others for the investigation of crimes committed via the internet or via computers.
Moreover, if the breach poses high risk to the rights and freedoms of the persons whose data have been exposed, you must also notify the affected individuals personally without undue delay.
When notifying the Commissioner and the affected individuals, it is important to provide specific details about the breach. This includes the nature of the breach, the types of data that were compromised, the number of individuals affected, and the potential consequences of the breach.
It is also important to take steps to mitigate the effects of the breach and prevent further damage. This may involve working with IT security or Legal experts to identify and address any vulnerabilities in your systems or processes or any regulatory compliance obligations.
Finally, it is important to take steps to prevent future data breaches. This may involve implementing new security measures, such as encryption, access controls, and monitoring systems, to help protect against future attacks.
Polina Christodoulou, Associate Partner – Head of GDPR
Vasilis Charalambous, Senior Lawyer - Head of GZGTech
George Z. Georgiou & Associates LLC
News Feed
18 hours, 21 minutes ago People
UAMCO's John Savvides on turning Cyprus into an unlikely node in global aviation maintenance1 day, 18 hours ago Technology
Dr Maria Terzi: The next defining shift in warfare will be the full integration of AI across both physical and digital domains1 day, 18 hours ago Companies
Meet the ultimate 24/7 digital passenger assistant at Larnaka & Pafos Airports1 day, 18 hours ago Companies
GOLD New Issue: The Limassol Issue2 days, 10 hours ago Current Affairs
The AfroBanana Festival evolves and takes the stage at the Nicosia Municipal Theatre2 days, 10 hours ago Financial Services
Hellenic Bank and Eurobank Cyprus becoming one and reshaping the banking map2 days, 11 hours ago Companies
KPMG SIL (Startup innovation Lab) Investor Day celebrates innovation and bold ideas