Data Protection (GDPR) – Compliance and Legal Obligations

In the digital world, compliance with data protection laws (GDPR) is a priority for every business. The General Data Protection Regulation (GDPR), which applies across the European Union and has been incorporated into Greek law (Law 4624/2019), sets strict rules for the collection, storage, and processing of personal data.

Which Businesses Does the GDPR Apply To?

The regulation applies to:

  • Businesses and organizations based in the EU, regardless of where the data processing takes place.
  • Businesses and organizations outside the EU that process personal data of individuals within the EU by offering goods or services (regardless of whether payment is required) or monitoring their behavior within the EU.
  • Organizations outside the EU where the law of an EU Member State applies under public international law (e.g., embassies, consulates, etc.).

Compliance Obligations and Data Protection

GDPR compliance requires:

  • Adherence to all principles governing data processing.
  • Respect for data subjects’ rights.
  • Compliance with strict obligations for both data controllers and data processors.

GDPR Violations and Penalties

Failure to comply with GDPR can result in:

  • High administrative fines.
  • Criminal penalties, including felony charges.
  • Corrective measures imposed by the Data Protection Authority, such as halting data processing activities.

For more information on data protection law (GDPR) and our services, read our relevant Guide in Greek here.

Nothing in this publication shall be construed as legal advice. The publication is necessarily generalised. Professional advice should therefore be sought before any action is undertaken based on this publication.