Our Data Protection practice offers specialized legal services to address the complexities of privacy laws, regulatory compliance, and data security frameworks in Greece and the EU. With extensive expertise in navigating the General Data Protection Regulation (GDPR), Greek Law 4624/2019 on data protection, and sector-specific privacy requirements, we provide precise and tailored solutions for organizations managing sensitive and personal data.
Our Services Include:
- GDPR Compliance and Implementation: Advising on compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) and Greek Law 4624/2019, which supplements the GDPR, including data protection policies, privacy notices, and records of processing activities. Conducting GDPR gap analyses and Data Protection Impact Assessments (DPIAs) for high-risk processing activities under Articles 35–36 GDPR.
- Data Transfers and Cross-Border Processing: Assisting with international data transfers in compliance with Chapter V GDPR, including implementing Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs). Advising on compliance with Schrems II requirements, particularly concerning adequacy decisions and additional safeguards for non-EU transfers.
- Data Breach Management: Providing guidance on handling data breaches, including breach notification obligations under Articles 33–34 GDPR and incident response strategies to mitigate regulatory and reputational risks. Representing clients in investigations by the Hellenic Data Protection Authority (HDPA) regarding data breach notifications and compliance.
- Employee and HR Data: Advising on the lawful processing of employee data under Greek labor laws and GDPR, including the use of monitoring systems, biometric data, and CCTV in the workplace. Drafting employee privacy policies, consent forms, and contractual clauses for HR data compliance.
- Marketing and E-Privacy: Ensuring compliance with the E-Privacy Directive (Directive 2002/58/EC) and Greek Law 3471/2006 on electronic communications, focusing on consent mechanisms for cookies, direct marketing, and email communications. Drafting terms for online platforms, user agreements, and consent management solutions in compliance with data protection and e-privacy laws.
- Sector-Specific Data Protection: Advising on data protection requirements in regulated sectors, including banking, healthcare, telecommunications, and insurance, under sectoral laws such as Greek Law 4261/2014 for financial services and Greek Law 3918/2011 for health data. Assisting with compliance in emerging technologies, such as AI and IoT, ensuring adherence to GDPR and related ethical standards.
- Representation Before Authorities and Litigation: Representing clients before the Hellenic Data Protection Authority (HDPA) in audits, compliance investigations, and administrative proceedings. Defending clients in data protection-related litigation, including claims for damages under Article 82 GDPR and actions under Greek procedural laws.
- Data Protection by Design and Default: Advising on technical and organizational measures required under Article 25 GDPR, including pseudonymization, encryption, and access controls to ensure data security. Assisting with the implementation of privacy-enhancing technologies (PETs) to minimize data processing risks.
- Representation Before Regulatory Authorities and Tribunals: Our team represents clients before the Hellenic Data Protection Authority (HDPA) and provides guidance on cross-border regulatory coordination under the GDPR’s one-stop-shop mechanism. We also handle disputes and litigation involving data privacy breaches, consumer complaints, and corporate liability for non-compliance.
Distinguished Expertise
Our Data Protection practice is characterized by a deep understanding of Greek and EU data privacy laws, technical precision in implementing compliance programs, and strategic foresight in managing data protection risks. From GDPR audits to regulatory investigations, we deliver results-driven legal solutions that safeguard our clients’ interests, ensure compliance, and mitigate potential liabilities. With a focus on both legal and technical aspects, we enable our clients to navigate the dynamic landscape of data protection law with confidence and success.