
Privacy (GDPR) and Data Protection


Data protection refers to the right to privacy and the right to determine how your personal data is used. On 25 May 2018 new data protection regulations entered into force in Cyprus with the adoption of the EU’s General Data Protection Regulation (GDPR). The Regulation will impose new and more stringent requirements on enterprises.

Companies doing business with or in the EU or marketing goods and services to EU residents must update how they collect, handle and secure information that identifies a natural person, such as name, address or email address, or they risk facing heavy fines and penalties. Penalties may even be criminal in nature, and even companies that are not located in the EU may be impacted, as their EU client companies and suppliers may require compliance as a condition of continued business. Breaches of data protection regulations can result in loss of reputation, being reported to the authorities, liability to pay compensation, and fines from the Cyprus Data Protection Authority. The EU’s new Data Protection Regulation will increase these fines to the greater of EUR 20 million and 4 per cent of a company’s global sales.

BDO has extensive experience of assisting enterprises in complying with data protection regulations.

We can help you with:

  • Preparing to implement the EU’s General Data Protection Regulation

  • Assessing whether your enterprise’s procedures comply with Best Practice

  • Preparing and implementing required procedures

  • Ensuring satisfactory data security

  • Acting as the enterprise’s Data Protection Officer/expert support

  • Preparing data protection declarations

  • Preparing data processor agreements

  • Training, courses and presentations

  • Supporting you during a breach or crisis with our Crisis Management and Cyber Incident Response Team (CIRT)

With our proven methodology we can identify all existing gaps relative to the regulation and prepare a treatment plan towards meeting GDPR requirements. We can develop and implement effective policies and/or procedures and mechanisms, making GDPR requirements an integral part of your business operations and thus establishing and maintaining an overarching internal GDPR framework and culture.


Recruiting, employing, managing and training a DPO in a wide spectrum of capabilities relevant to an organization's core business can be costly and time-consuming. DPOaaS is a cost-effective way to meet regulatory compliance obligations for companies with low budgets or economic constraints. We can provide advisory, monitoring and development services upon request. We can mature your internal information security culture and awareness profile to meet the needs of the regulation. Our DPOaaS provides impact assessment advisory services, liaises between your organization, the subject and the supervisory authorities, monitors policy adherence and provides guidance to attain and demonstrate compliance to small, medium and large organizations.