GDPR Services

Our team has two Data Protection Officers (DPO Executive) certified according to the international standard ISO/IEC 17024.

General Data Protection Regulation (GDPR)

Find out what your business needs to do to comply with EU data protection rules.

Implementation of the regulation

Introduction

The new General Data Protection Regulation (Regulation (EU) 2016/679) of the European Union (EU), on the protection of individuals with regard to the processing of personal data and on the free movement of such data, entered into force on May 24, 2016 and came into force on May 25, 2018

The regulation automatically becomes binding on the whole of the EU from the date of its entry into force and replaces the earlier Directive 95/46 / EC of the European Parliament.

Last year, the Greek Legal Order introduced Law 4624/2019, which came as the culmination of the European Regulation.

To whom does data protection law apply?

The General Data Protection Regulation (GPA) applies:

1. any company or entity that processes personal data in the context of the activities of one of its EU-based branches, regardless of where the data is processed; or
2. to any company based outside the EU that offers goods / services (paid or free) or monitors the behavior of individuals in the EU.
3. in the narrow and wider public sector (local authorities, hospitals, NPDD) If your company is a small business (SME) and processes personal data, as described above, you must comply with the GCC.

Do the rules apply to small and medium-sized enterprises (SMEs)?

Yes, the application of the data protection regulation does not depend on the size of your company or organization but on the nature of your business. Activities that pose a high risk to the rights and freedoms of individuals, whether carried out by an SME or a large enterprise, involve the application of stricter rules.

What is personal data?

Personal data is information about an identified or identifiable living person. Different information which, if put together, can lead to the identification of a particular person, is also personal data.

Individuals can claim compensation if a company or organization has violated the General Data Protection Regulation (GPA) and suffered material damage (eg financial loss) or non-pecuniary damage (eg defamation or mental anguish). The GCC ensures that they are reimbursed, regardless of the number of organizations involved in processing their data. The injured person can claim compensation either directly from the organization or before the competent national courts. The procedure can be brought before the courts of the EU Member State where the controller or processor has a professional establishment or where the citizen seeking compensation resides (ie has his usual residence).