The General Data Protection Regulation (GDRP) has strengthened the public’s rights and reinforced accountability in the handling of personal data, data protection commissioner Maria Christofidou said on Monday.

The GDPR established stronger protections while creating a unified framework for personal data protection across member states, she said, marking eight years since it was introduced across the EU.

She said the regulation “enshrined the principle of transparency” and reinforced “the accountability of organisations that process personal data”.

Christofidou added that the GDPR contributed to “a coherent and uniform framework for the protection of personal data” throughout Europe.

She also referred to the establishment of the European Data Protection Board in 2018, saying it had bolstered coordination between supervisory authorities in both national and cross-border cases.

According to the statement, the board enhanced consistency in enforcement and promoted a more uniform approach among member states in the application of data protection rules.

Christofidou said personal data protection remained central during a period defined by digital transformation, artificial intelligence and increasing cyberattacks.

“In today’s era of digital transformation, artificial intelligence, but also of increasing cyberattacks, the protection of personal data remains the cornerstone of transparency, democracy and digital security,” she said.

She added that data protection was “not only a legal obligation” but also “a basic guarantee of the public’s trust in both institutions and businesses that process personal data”.

“Today’s anniversary is an opportunity to reaffirm the Data Protection Authority’s commitment to the continued defence of the fundamental right to the protection of personal data and privacy,” the commissioner said.

Earlier this year, the disclosure of donor identities connected to the now disbanded Independent Social Support Agency became the subject of debate after the legal service argued that releasing company names could violate GDPR provisions.

The issue prompted criticism from MPs who argued that European data protection rules should not obstruct parliamentary oversight or transparency in matters involving potential conflicts of interest and public accountability.

Former MP Alexandra Attalides previously argued that European legislation permits disclosure in cases involving allegations of corruption, abuse of power or money laundering.