Personal data defines any information relating to a living natural person. Some illuminating examples are the number of our identity card, passport, date of birth, postal address, email, etc. In many cases, people need to provide their personal data to third parties for many reasons, such as ordering a product online, requesting a service, answering a survey, opening a bank account, watching a movie online, buying a plane ticket, etc. However, has anyone asked if this information is stored and how it is processed?

Obviously, the protection of personal data greatly influences many aspects of professional, social and business life. In addition, privacy has an impact on the private life of citizens. As a result, the protection of personal data is an important issue that must be addressed by public and private organizations in the performance of their daily operations.

In Cyprus, ‘The Personal Data Processing (Protection of the Individual) Act 2001’ (138 (I) 2001) regulates the collection, processing and use of personal data. The particular law came into force in 2001 to address privacy issues related to the collection, storage, processing, dissemination and use of personal data. In addition, the Law was amended in 2003 to harmonize Cyprus law with EU Directive 95/46 on the protection of individuals with regard to the processing of personal data.

The commercial operations that are affected by Law 138(I)2001 are any operation that involves the collection, storage, organization, conservation, extraction, use, dissemination and destruction of data. Therefore, the provisions of this Law apply to the processing of personal data in whole or in part by automated means, and to the processing other than by automated means of personal data that is part of a filing system or is intended to be part of a filing system. of a file system.

What rights do individuals have regarding their personal data held by third parties?

  • The right to information;

  • The right of access;

  • The right to rectify;

  • The right to object;

  • The right to compensation;

Conditions for the lawful processing of personal data:

In accordance with the provisions of the Law, the processing of personal data is only permitted if the individual gives his consent.

However, it is also allowed without the consent of the individual in the following cases:

  • in case it is necessary for the fulfillment of a legal obligation;

  • for the performance of a contract to which the individual is a party;

  • watch over the vital interests of the person;

  • for purposes of public interest;

  • for the legitimate interests pursued by the controller or the third party, on the condition that such interests prevail over the rights of the person, interests and fundamental freedoms;

Sensitive information:

It should be noted that “sensitive data” means any information relating to racial or ethnic background, political orientation, religious or philosophical convictions, participation in an organization, association and union, health, sexual life and erotic orientation, as well as data relating to prosecutions. or sentences.

According to the Law, sensitive data enjoys a higher level of protection since it is easier for people to experience discrimination based on this data. Consequently, the Law establishes that the processing of sensitive data is prohibited.

However, the processing of sensitive data is allowed under the following conditions:

  • whether the individual has given explicit consent, unless such consent was obtained unlawfully;

  • in the event that the data processing is necessary for the fulfillment of an obligation in the labor sector;

  • for the safeguarding of vital interests;

  • within the context of the activities of an organization or trade union of which the individual is a member;

  • for national or public security purposes;

  • for statistical, research, scientific and journalistic purposes;

  • in case the data processing is associated with medical data and is carried out by a person who offers health services by profession and has a duty of confidentiality or is subject to the relevant codes of conduct, on the condition that the processing is necessary for preventive medicine, medical diagnosis and provision of health care services.

Leave a Reply

Your email address will not be published. Required fields are marked *