+357 25 359 159info@anastasioulawfirm.com
Free Consultation

The GDPR: A Landmark in Data Protection

September 8, 2025

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into force on May 25, 2018, across all European Union (EU) member states. It replaced the 1995 Data Protection Directive and was designed to harmonize data privacy laws throughout Europe while empowering individuals with greater control over their personal data.

The GDPR enshrines principles such as:

  • Lawfulness, fairness, and transparency
  • Purpose limitation (data must be collected for specific, legitimate purposes)
  • Data minimization (only necessary data should be collected)
  • Accuracy and storage limitation
  • Integrity and confidentiality (security of processing)

These principles are intended to ensure responsible and ethical data handling by organizations.

The GDPR enhances individual rights, including:

  • Right to access: Individuals can request a copy of their personal data.
  • Right to rectification: Inaccurate data must be corrected.
  • Right to erasure (“right to be forgotten”)
  • Right to data portability
  • Right to object to certain processing, including for direct marketing.
  • Right not to be subject to automated decision-making, including profiling.

Organizations that process personal data of EU residents, regardless of where they are based, must:

  • Obtain clear and informed consent for data collection.
  • Appoint a Data Protection Officer (DPO) in certain cases.
  • Conduct Data Protection Impact Assessments (DPIAs) for high-risk processing.
  • Report data breaches to regulators within 72 hours.

Non-compliance can result in heavy fines—up to €20 million or 4% of global annual turnover, whichever is higher.

Although an EU regulation, the GDPR has global reach. Companies worldwide—from tech giants to small startups—must comply if they handle the data of EU citizens. The regulation has influenced privacy laws globally, inspiring similar frameworks in Brazil (LGPD), California (CCPA/CPRA), and India (DPDP Act).

The GDPR is a landmark in digital rights and data protection, setting a global standard for privacy. It balances innovation with accountability, demanding transparency and ethical data practices in the digital economy. For individuals, it means greater awareness and control over their personal information—now a fundamental right in the digital age.

Previous PostNext Post

Related Posts

The EU AI Regulation 2024/1689

September 8, 2025

Incorporation of a Private limited liability company in Cyprus

September 8, 2025
We use cookies to personalise content and ads, to provide social media features and to analyse our traffic. We also share information about your use of our site with our social media, advertising and analytics partners. View more
Cookies settings
Accept
Privacy & Cookie policy
Privacy & Cookies policy
Cookies list
Cookie name Active
Makis Anastasiou & Co. LLC is a law firm registered and operating under the laws of the Republic of Cyprus with its registered office at 211 Arch. Makariou III Avenue, Christina Center, Office 301, 3030 Limassol – Cyprus. We act as the “Data Controller” for the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”). At Makis Anastasiou & Co. LLC we are committed to protecting your privacy and handling your personal information and/ or data with transparency and care. This Privacy Policy describes how we collect, use, safeguard your personal information when you visit our website or interact with us through it. Personal data that may be collected and processed may include:
    • Contact information (e.g., name, email address, phone number)
    • Information you provide via contact forms or email
    • Technical data (e.g., IP address, browser type, device information)
    • Usage data (e.g., pages visited, time spent on our site)
Your personal data may be used for the following purposes:
    • To respond to your enquiries or provide legal services
    • To improve and maintain our website
    • To comply with legal or regulatory obligations
    • To protect our legal rights
We do not use your data for marketing purposes without your explicit consent. Process of your personal data is based on:
    • Your consent
    • The performance of a contract or pre-contractual steps
    • Our legitimate interest (e.g. improving services or website functionality)
    • Compliance with a legal obligation
Please note that we do not sell, rent, or trade your personal data. We may share your data with trusted third-party service providers (e.g., IT or hosting providers) only to the extent necessary and under confidentiality obligations. Your personal data will be retained only for as long as necessary for the purposes outlined above or as required by applicable law. Once no longer needed, your data will be securely deleted or anonymised. Under GDPR, you have the following rights:
    • Right to access your personal data
    • Right to rectification or erasure
    • Right to restrict or object to processing
    • Right to data portability
    • Right to withdraw consent (where applicable)
    • Right to lodge a complaint with the Office of the Commissioner for Personal Data Protection in Cyprus
Our website may use cookies to improve your browsing experience. You can manage cookie preferences through your browser settings. For more information, please see our [Cookie Policy].

Security We implement appropriate technical and organizational measures to protect your data from unauthorized access, disclosure, or misuse.

Contact Us If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at +35725359159 or at info@anastasioulawfirm.com.
Save settings
Cookies settings