07 May 2025
We are proud to share that Raphael Legal, the law firm behind Privacy Minders, is the exclusive Cyprus contributor to The Legal 500’s 2025 Data Protection & Cybersecurity Country Comparative Guide, answering 47 key questions that define compliance across Europe.
While authored as the Cyprus chapter, our contribution offers a legal and strategic overview of the evolving EU data protection and cybersecurity landscape.
The chapter provides in-depth insights on key developments, including:
▪️ NIS2 Directive: Risk-based obligations for essential and important entities, Cyprus’s national implementation via the Cyprus Digital Security Authority Office of the Commissioner of Communications, and the adoption of the Cybersecurity Maturity Assessment Framework (CMAAF).
▪️ EU Digital Legislation: Including the Cyber Resilience Act (CRA), AI Act, Data Act, Digital Services Act (DSA), and DORA, and how these instruments reshape obligations in cybersecurity, digital trust, and data governance.
▪️ Sector-Specific Requirements: Enhanced obligations in critical sectors such as financial services, healthcare, public administration, and trust services, under frameworks like NIS2, DORA, eIDAS, and EU medical device regulations, with oversight from Cyprus's sectoral regulators.
▪️ Legal Representation Obligations: DSA requirements for non-EU providers using Cyprus as a point of entry into the EU digital single market.
▪️ Enforcement & Regulatory Trends: Regulatory oversight powers, sanctions framework, appeal mechanisms, and supervisory priorities as we move into 2025–2026.
▪️ CSIRT-CY: The role of Cyprus’s national CSIRT in operational response, incident reporting, and collaboration with national and EU-level supervisory bodies.
▪️ Standardization: The chapter explores the increasing role of European standardization in shaping legal compliance, highlighting the contributions of CYS national delegates—including our Managing Partner, Maria Raphael—to key committees such as CEN and CENELEC JTC 13, JTC 21, and ETSI TC CYBER, which support implementation of the CRA, AI Act, and more.
▪️ GDPR Principles & Derogations: Explanation of GDPR’s foundational principles (lawfulness, transparency, purpose limitation, data minimisation), key controller/processor obligations (DPOs, DPIAs, record-keeping), and Cyprus-specific derogations for journalistic purposes, public interest, and official authority processing.
Looking ahead, the chapter also outlines what businesses should expect in 2025–2026:
- The convergence of EU digital regulation
- Evolving enforcement strategies and priorities
- Sector-specific frameworks under EU and national law
For tailored support on GDPR, NIS2, CRA, DORA, or EU-wide digital compliance frameworks, contact us at info@privacyminders.com or visit www.privacyminders.com
Read the full chapter here.