GDPR and Building Management Committees

ARTICLE: ​GDPR and how it applies to Apartment Complex Management Committees in Cyprus

The New Data Protection Law, General Data Protection Regulation 2016/679 (GDPR)

​You may have heard in the news lately there are some major changes in European legislation covering storage and use of a private individual’s data.  This is known as the General Data Protection Regulation 2016/679 (GDPR).

​What is the GDPR and how does it apply to committees?

​​On the 25th of May 2018 a new piece of legislation will come into effect across all EU member states called the General Data Protection Regulation (GDPR).  This is effectively a single unified standard for data held on any European citizen.  As the management committee hold data on the unit owners of their building/resort they must ensure they meet the new GDPR requirements.  Failure to meet these regulatory requirements hold a penalty up to 20 million euros.

Does an Apartment Buildings Management Committee need the unit owners permission to hold their data?

​​No, while consent is required in many circumstances (for example holding someone’s email for a newsletter), consent is not required where the holding of that individual’s data is part of a contract requirement or other legal obligation.  The committee have a legal obligation to collect and keep property owners contact information and financial records for the development and so have a legal right to do so under the GDPR.

How must this data be stored?

​The management committee must take active measures to ensure that property owners data is 1) Accurate (e.g. A quarterly email update to owners asking if any of their information has changed)2) Held securely (e.g. In a secure account on a GDPR compliant cloud storage service).Owners Data must not be disclosed to any third party unless they are employed by the management committee, they must have a legitimate need to access this data & comply to the GDPR requirements.  Its quite common for a committee to put information on noticeboards within the building but its important to make sure any documents placed do not hold any personal data of the unit owner or any other person, including name or contact information.

​What if you have a management company, is this their problem?

​While the management company should be GDPR compliant, its important to note under the regulations the management committee are the ultimate ones responsible for the data and must ensure anyone they hire is also following the GDPR legal requirements.

There are three common ways a committee will calculate each unit’s Communal Fees: But only one way is the legally accepted way.

​Looking for ​more?

​If you are a member of your management committee, (or are looking to set one up) you will know that while the communal property regulations are comprehensive, they are sometimes a little difficult to understand and even once understood its not always easy to apply these generic regulations to your individual building with its specific challenges.

To help with this problem​ my most recent book the Ultimate Committee handbook ​gives you detailed and step by step instructions on every aspect of being on your committee and running your building.  It explains the communal property ​law in simple terms including real world examples and instructions ​on how to best apply these regulations.

To get more information on this book, and view a book preview you can click the below link.

Unlock the true potential of your apartment building or resort with The Ultimate Committee Handbook.

Russell Flick

The Cyprus Communal GuideHelping you unlock your buildings true potential.

Russell Flick

Experienced Property Professional, Public Speaker & Author of 'The Ultimate Committee Handbook'. In addition to his published books, Russell is a public speaker, columnist and founder of, the online information portal for property owners to get support and advice on all aspects of communal property ownership and management.