TaxLegi 27.11.2020

26 Nov 2020
Subject Tax Alert
Categories TaxLegi
  • Submission of a revised temporary tax assessment via form T.D.6

    Companies that have already submitted a temporary tax assessment for the tax year 2020 planning to submit a revised tax assessment before 31/12/2020 may do so through the Tax Portal launched by the Cyprus Tax Department on 26/06/2020.

    In the case of a revised tax assessment where the Company’s taxable income is lower than previously estimated, then the Company may only proceed with a revised tax assessment through submitting a hard copy of the form T.D.6 to the Company’s registered tax office.


    George Koutsoftas, Senior, Direct Tax Services
  • Coronavirus (COVID-19) - What companies must consider with regards to data protection

    Executive summary

    In light of the COVID-19 outbreak employers have had to adopt a number of measures for the purpose of preventing and/or containing COVID-19 while having to adjust their work procedures to the new realities we are currently facing. Such measures and procedures may involve extensive collection and processing of personal data, especially health data. To this end, ensuring that all new and/or modified procedures are in line with the data protection regime constitute an integral part in both corporate and state responses.

    With the spread of COVID-19 companies have been forced to engage in an extensive collection and processing of personal data for the purpose of protecting their employees and clients. The foregoing measures involve processing of personal data including special categories of sensitive personal data, like travel-reporting information, health data (such as health examinations and reporting of symptoms) and tracing of personal contacts. Such data may be collected either via questionnaires, health checks and personal feedback whilst they may relate to employees or contractors and their relatives as well as visitors and/or clients.

    Furthermore, compliance with governmental measures and new local legislative measures could also force companies to adopt new procedures in order to be in a position to comply with their newly enforced obligations. Finally, the new working environment adopted by a lot of companies, such as the “work-from-home” policies, could also mean that new procedures are required with regards to the processing of personal data of employees and clients.

    Core Principles

    It is important that the employer takes all necessary action to safeguard the secure and lawful processing of any personal data for the above purposes. Thus, it is imperative that the data subjects receive transparent information on the processing activities that are being carried out and their main features, including the retention period for collected data and the purposes of the processing. The information provided should be easily accessible and provided in clear and plain language. 

    Furthermore, it is important to adopt adequate security measures and confidentiality policies ensuring that personal data are not disclosed to unauthorised parties. Measures implemented to manage the current emergency and the underlying decision-making process should be appropriately documented.

    Working remotely – Practical Advice


    • Take extra care that devices, such as USBs, phones, laptops, or tablets, are not lost or misplaced,
    • Make sure that any device has the necessary updates, such as operating system updates (like iOS or android) and software/antivirus updates.
    • Ensure your computer, laptop, or device, is used in a safe location, for example where you can keep sight of it and minimise who else can view the screen, particularly if working with sensitive personal data.
    • Lock your device if you do have to leave it unattended for any reason.
    • Make sure your devices are turned off, locked, or stored carefully when not in use.
    • Use effective access controls (such as multi-factor authentication and strong passwords) and, where available, encryption to restrict access to the device, and to reduce the risk if a device is stolen or misplaced.
    • When a device is lost or stolen, you should take steps immediately to ensure a remote memory wipe, where possible.


    • Follow any applicable policies in your organisation around the use of email.
    • Use work email accounts rather than personal ones for work-related emails involving personal data. If you have to use personal email, make sure contents and attachments are encrypted and avoid using personal or confidential data in subject lines.
    • Before sending an email, ensure you’re sending it to the correct recipient, particularly for emails involving large amounts of personal data or sensitive personal data.

    Cloud and networks

    • Where possible only use your organisation’s trusted networks or cloud services and complying with any organisational rules and procedures about cloud or network access, login and, data sharing.
    • If you are working without cloud or network access, ensure any locally stored data is adequately backed up in a secure manner.

    Hard Copies

    • Where you are working remotely with paper records, take steps to ensure the security and confidentiality of these records, such as by keeping them locked in a filing cabinet or drawer when not in use, disposing of them securely (e.g. shredding) when no longer needed, and making sure they are not left somewhere where they could be misplaced or stolen.
    • Where possible, you should keep a written record of which records and files have been taken home, in order to maintain good data access and governance practices.

    Data Protection – Checklist

    • Engage your Data Protection Officer in the procedure
    • Keep up to date with the guidelines and measures taken by both local and European authorities
    • Provide the necessary information to the data subjects involved in any new and/or updated processing activities
    •  Respect data subjects’ rights throughout this difficult process
    • Put in place appropriate corporate policies and procedures
    • Maintain the necessary and appropriate internal documentation on the lawful bases of any protective measures adopted
    • Conduct Data Protection Impact Assessments (DPIA)
    • Maintain all necessary measures for data security and confidentiality.
    • Update your data protection documentation, in particular the data protection impact assessment (DPIA) and the register of processing activities.

    Iacovos Kouppas, Senior Manager, EY Law 
    Thea Nicolaou, Senior, EY Law
  • Why businesses need to revisit digital economy taxation post-COVID-19

    This digital taxation landscape has significant uncertainty for digital and technology businesses, but also for companies in industry sectors such as financial services, transportation and retail, and other organizations where digital transformation is a key strategy for growth. Taxation of the digital economy has become fast-moving and increasingly complex in recent years – a situation that has been exacerbated by the COVID-19 pandemic. Tax leaders from all businesses that operate in the digital domain need to be laser-focused on indirect tax and other tax considerations with regard to digital, cross-border activity. For more information, please contact us. You can read our latest article here.


    Panayiotis Gregoriou, Senior Manager, Direct Tax Services
  • Cyprus-Saudi Business Association opens doors for potential investors

    More than 80 companies have joined the strength of the Cyprus-Saudi Arabia Business Association, which is expected to play a leading role in further strengthening relations between the two countries. The association was officially founded on 14th of October 2020, providing new perspectives on trade relations between the two countries. The main objective of the Business Association is to promote, expand and encourage cooperation between the companies of the Republic of Cyprus and the Kingdom of Saudi Arabia. In addition, it strives to inform the Saudi business community of the potential for business collaborations and investments, as well as for the utilization of Cyprus as a base of business activities aimed at the markets of the EU Member States, and of other countries. Saudi Arabia is imposing an embargo on imports of products from Turkey, which opens many perspectives for Cypriot products and services. One of the first actions of the CCCI and the association is to organize a business mission in Saudi Arabia in 2021. It may be relevant to note that the two countries have concluded a number of bilateral treaties, including a treaty for the avoidance of double taxation.

    Petros Krasaris, Partner, International Tax and Transaction Services 
    Elina , Manager, International Tax and Transaction Services
  • The Mini-Manager opportunity

    Introduction of Mini-Managers to Cyprus regulatory scene through the enactment of the Incorporation and Operation of Small Alternative Investment Fund Managers Law (81(I)/2020), (the “Mini Managers Law”), has made Cyprus an even more attractive jurisdiction for both global asset managers to setup shop.

    The Mini Managers Law gives the opportunity of incorporating and operating a licensed fund manager with lower capital requirements and lower maintenance costs to accommodate for small-scale investments. It also allows international wealth managers to establish local presence for management of their Cyprus investment projects.


    Mini Managers can manage and market Cyprus, EU or third-country Alternative Investment Funds (“AIFs”) with assets under management not exceeding the below thresholds:

    •           EUR 100.000.000, including leverage, or

    •           EUR 500.000.000, without leverage and with a lock-up period of 5 years.

    A Mini Manager is under the regulatory supervision of the Cyprus Securities and Exchange Commission (“CySEC”) and as part of its authorisation application, it must present for assessment the CySEC Questionnaire containing information about each of its board of directors, senior management and shareholders with qualifying holdings, a business plan and internal operations manual, depositary appointment arrangements and the investment strategy of the AIFs it intends to manage.

    Further, it must appoint in its organisational structure at least four directors (two executive and two non-executive), an internal auditor, an Anti-Money Laundering Officer and a Risk Manager.

    A Mini-Manager can provide services such as portfolio and risk management, administration services, and marketing activities in a manner identical to that of fully-fledged Alternative Investment Fund Managers.

    The efficiency and attractiveness of the Mini-Managers lie in the low cost, short time, simplified incorporation/licensing process, and reduced initial capital requirements (EUR 50.000).

    Our firm welcomes all your queries and considerations, and will be happy to give you guidance and support customised to your plans and projects, so that you can make full use of the Mini-Manager opportunity in your worldwide ventures.


    Huseyin Erguven, Senior, EY Law 
    Polyvios Nicolaou, Trainee Lawyer, EY Law