Personal information is a quintessential ingredient for the operation of any organisation. The General Data Protection Regulation has significantly enhanced the rights of individuals in respect of their personal information and has introduced new parameters for organisations. Recognising the changing environment, the Firm has formed a team of dedicated lawyers, whose sole focus is, to assist clients in all aspects of data protection law.

The GDPR team advises clients from a wide range of industries including but not limited to: financial services, shipping, retail, consultancies, information technology and healthcare. Starting from the premise that one size does not fit all, we provide practical, comprehensive and expert legal advice taking into account each client’s individual needs, industry and areas of operation.

As the sole Cypriot member of the international employment and pensions law alliance Ius Laboris and member of the Data Privacy Expert Group, the GDPR team provides clients with first-class legal advice and support on data protection matters in over 50 countries.


Our services include:

  • Establishing current gaps in compliance and recommending solutions
  • Drafting privacy policies, notices and other necessary documentation and procedures
  • Advising on data privacy matters in the workplace
  • Assisting organisation to identify and characterise third party relationships and drafting agreements for data sharing including Joint Controller Agreements and Data Processing Agreements
  • Implementation of strategies for data transfer mechanisms within and outside the EU including assessment of third party relationships, drafting Binding Corporate Rules, adopting the Standard Contractual Clauses
  • Advising on whether a Data Protection Officer should be appointed and how to find the right person for this role
  • Support to Data Protection Officers
  • Assisting organisations to set up and maintain a Record of Processing activities
  • Developing solutions and procedures to be followed in cases of data breaches and complying with notification requirements. Support in case of data breaches
  • Advising on Data Protection Impact Assessments and when they should be carried out
  • Assisting organisations in responding to Data Subjects requests of Data Subject rights
  • Advice and training on GDPR implementation
  • Liaising with the Data Protection Authorities