Data protection law is like a modern-day labyrinth, a complex and ever-changing world that businesses must navigate carefully to avoid getting lost or facing the wrath of the Minotaur – in this case, hefty fines and reputational damage. As the importance of data protection in Greece grows, understanding the legal framework that governs it is crucial for businesses operating in this Mediterranean nation. This article offers a comprehensive overview of Greek data protection laws, highlighting the key concepts, requirements, and recent cases that businesses should be aware of.

The Greek legal system and data protection

Greece’s legal system is a civil law system based on the principles of Roman law. This means that legislation and codes form the primary source of law, with judicial decisions playing a secondary role. Greek laws are closely aligned with the European Union (EU) regulations in data protection, as Greece has been an EU member state since 1981.

Fundamental data protection laws in Greece

The two primary data protection laws in Greece are the General Data Protection Regulation (GDPR) and the Greek Data Protection Act.

General Data Protection Regulation (GDPR)

The GDPR, which took effect on May 25, 2018, is a comprehensive data protection regulation applicable across all EU member states. It aims to harmonise data protection laws and safeguard the privacy rights of individuals. The GDPR establishes principles and requirements for processing personal data, including obtaining valid consent, ensuring data security, and providing data subjects with the right to access, rectify, or erase their personal information.

Greek Data Protection Act

The Greek Data Protection Act complements the GDPR by providing more specific provisions and guidelines tailored to the Greek context. It addresses areas such as data protection authorities, data processing for public interest purposes, and the appointment of Data Protection Officers.

Recent enforcement actions by the Hellenic Data Protection Authority

Staying informed about recent enforcement actions by the Hellenic Data Protection Authority (HDPA) can help businesses understand the potential consequences of non-compliance with Greek data protection laws. Here are three case summaries from early 2023 that illustrate the HDPA’s approach to enforcing data protection regulations:

  • Vodafone Case – The Hellenic DPA fined Vodafone EUR 40,000 for providing a customer’s conversation records to another customer who requested their records. Vodafone also failed to report the incident promptly.
  • Piraeus Bank Case – The Hellenic DPA fined Piraeus Bank EUR 30,000 for unlawfully disclosing transaction and account balance information of joint accounts to the heirs of one of the account holders during legal proceedings. The bank also failed to promptly report the incident to the DPA and the data subject.
  • Intellexa SA Case – Intellexa SA was fined EUR 50,000 by the Hellenic DPA for not properly cooperating with the authority during an investigation into the installation of tracking software on users’ mobile devices without their knowledge.

These cases demonstrate the importance of complying with Greek data protection laws and the potential consequences of failing. By staying current with recent enforcement actions, businesses can identify potential areas of concern and take proactive steps to ensure compliance with the law.

Recent updates and impact on businesses

In recent years, Greek data protection laws have evolved to reflect the rapidly changing digital landscape. These updates include the adoption of the GDPR, the strengthening of the Greek Data Protection Authority’s enforcement powers, and the introduction of additional sector-specific regulations. These changes have significant implications for businesses operating in Greece. They must ensure compliance with the updated laws to avoid getting lost in the labyrinth and facing the Minotaur’s wrath.

Actions you can take next

  • Ensure compliance with Greek data protection laws by conducting regular assessments and implementing necessary safeguards.
  • Seek expert advice from a legal consulting firm specialising in data protection, privacy, and cybersecurity.
  • Stay up-to-date on the latest legal developments and their potential impact on your business operations in Greece.