Entering 2024, the Republic of Cyprus is at a pivotal moment in its journey toward enhancing data protection and cybersecurity. The past year marked a series of significant regulatory and collaborative efforts, particularly in the wake of cybersecurity incidents that impacted key institutions, including universities and the republic’s land registry.

The Office of the Commissioner for Personal Data Protection intensified GDPR enforcement, not only conducting random audits across various organizations to ensure compliance but also organizing comprehensive training sessions. These initiatives aim to elevate awareness and understanding of data protection regulations, thereby fostering a culture of data security and compliance.

The commissioner also signed a memorandum of collaboration with the Office of Commissioner of Communications, particularly pertinent in the context of recent cybersecurity breaches and highlighting the need for coordinated data protection strategies. The agreement is significant in its focus on two crucial areas: the mandatory disclosure of personal data breaches by providers of publicly available electronic communication services and addressing breaches involving entities operating essential services, critical infrastructure, and digital service providers.

Adding to the regulatory landscape are several impending compliance deadlines that are shaping organizations’ cybersecurity strategies. The Digital Operations Resilience Act, which mandates compliance from financial services entities by 17 Jan. 2025, is a key framework aimed at enhancing the operational resilience of the financial sector against cyber threats. Additionally, the Cyprus Securities and Exchange Commission has directed entities under its authority to align with the European Banking Authority’s Information and Communication Technology guidelines by June 2024. Furthermore, the NIS2 Directive, expanding the scope and strengthening the security requirements of the Network and Information Systems Directive, plays a crucial role in the evolving cybersecurity environment.

On top of these regulatory measures, the commissioner is also actively engaged in reviewing the cookie policies and practices of various entities, including scrutinizing websites’ policies to ensure they comply with data protection standards and respect user privacy. This initiative is a vital component of broader efforts to safeguard personal data in the digital realm.

As Cyprus navigates through these developments, there is an anticipated increase in demand and investment in cybersecurity and data protection across multiple sectors. Organizations are expected to enhance their cybersecurity infrastructures, invest in state-of-the-art technologies, and embed cybersecurity awareness into their operational ethos.

2024 is set to be a transformative year for data protection and cybersecurity in Cyprus. The combination of rigorous regulatory measures, proactive enforcement actions, and the response to recent cyber incidents is steering the nation towards a more secure and resilient digital future. Cyprus’ approach, characterized by stringent compliance, collaboration and capacity building, not only addresses immediate challenges but also sets a commendable example in managing cyber risks and safeguarding personal data on a global scale.