Patroklos PatroklouIn 2026, Cyprus continues to refine its domestic application of GDPR through Law 125(I)/2018. For businesses in Nicosia and Limassol, generic EU compliance isn’t enough. The Cypriot Commissioner has ramped up audits on “Cookie Compliance” and “CCTV in the Workplace,” making local expertise a competitive necessity.
The 14-Year Rule: Unlike the EU default of 16, Cyprus sets the age of consent for information society services at 14. Is your GRC tool configured for this local derogation?
Special Category Data: Cyprus has strict prohibitions on processing genetic and biometric data for insurance purposes—a major hurdle for the growing InsurTech sector in Paphos.
Breach Reporting: The Commissioner now mandates specific notification procedures that go beyond the standard 72-hour window, requiring a localized response plan.
The Enactia Edge: Built in Cyprus, Enactia comes pre-configured with the exact templates and legal derogations required by Law 125(I)/2018. We don’t just speak GDPR; we speak “Cyprus GDPR.”
FAQ: Cyprus GDPR Compliance
Is GDPR different in Cyprus? While based on EU rules, Cyprus Law 125(I)/2018 adds specific local requirements regarding DPO appointments and genetic data.
Who is the supervisory authority in Cyprus? The Office of the Commissioner for Personal Data Protection, located in Nicosia.
What are the fines in Cyprus? Fines can reach €20 million or 4% of turnover, as seen in recent high-profile penalties against local banks and retailers.
