Cyprus has handled over 2,500 complaints and imposed more than €1.5 million in administrative fines in the six years since the General Data Protection Regulation (GDPR) came into effect, Commissioner for Personal Data Protection Irini Loizidou Nicolaidou said on Friday.

Nicolaidou said her office was also consulted on 261 bills and legal proposals related to matters of personal data and processing.

The GDPR regulation was established primarily with the aim of implementing a uniform application of data protection rules throughout the EU and to further strengthen citizens’ rights.

“In these six years of application of the regulation, my office handled 2,585 complaints, of which 746 related to unsolicited advertising messages, 494 notification of infringement incidents and 112 impact assessments,” Loizidou Nicolaidou said. She also said 506 audits were carried out and 299 decisions issued with total fines of €1.561 million.

She added that the GDPR regulation has “drastically increased” the obligations of all those who process personal data and had laid new foundations for “substantial and effective cooperation” between data protection supervisory authorities across the bloc.

The office of the commissioner during the past six years also received 2,002 written questions from the public and organisations, which were answered directly, while hundreds of other questions were answered after a short investigation, the commissioner said.

“Many and different challenges every day oblige us to constantly reposition the protection of privacy on its rightful basis with respect to other fundamental rights,” she concluded.