New Greek law on GDPR

11.09.2019

Following a fast track procedure, the Greek Parliament adopted Law 4624/2019, which frames the provisions of the GDPR in Greece and has come into effect as of 29 August 2019.

Although it is an EU Regulation, the GDPR gives to the member states the right to establish limitations on certain data processing activities and introduce restrictions on the rights of the individuals.

Law 4624/2019 has made use of the majority of the derogations provided for in the GDPR by setting forth specific rules on the processing of employees’ personal data, “sensitive” personal data and personal data in the sectors of health, insurance and media.

Also, the law introduces significant limitations on the rights of the individuals, such as the right of the individuals to be informed on the use of their personal data, their right to have access to their data and their right of erasure, whereas it provides for exemptions that release controllers from their obligation to communicate personal data breaches to the affected individuals.

Another key feature of the law is the different treatment on the lawfulness of and restrictions on the processing of personal data depending on whether the controller is classified as a public or a private entity.

Last but not least, besides the high administrative fines stipulated in the GDPR, the new law provides for severe criminal sanctions in case of violation of its provisions.

Enterprises will need to review and adapt their policies and procedures to ensure that these are in line with the new statutory provisions.  

 

Article provided by: Mary Deligianni (Zepos & Yannopoulos, Greece)

 

Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Höllwarthtobias.hoellwarth@eurocloud.org

VIEW PROJECT

What is the INPLP?

INPLP is a not-for-profit international network of qualified professionals providing expert counsel on legal and compliance issues relating to data privacy and associated matters. INPLP provides targeted and concise guidance, multi-jurisdictional views and practical information to address the ever-increasing and intensifying field of data protection challenges. INPLP fulfils its mission by sharing know-how, conducting joint research into data processing practices and engaging proactively in international cooperation in both the private and public sectors.