Services tailored to client needs


Services delivered by a team of senior consultants


Effective solutions to the most complex problems


Diverse team of experts

John Goumenopoulos
Eleni Salanti
Data Protection

Angela Mitropoulos

George Karras
IT Support

Christos Ladas
Off Counsel
Panagiota Kelali
Off Counsel
Euclides Antoniades
IT Support


The General Data Protection Regulation

The General Data Protection Regulation (EU) 2016/679 aims to set a general frame for the protection of EU citizens’ personal data and provide a concrete context for the processing of their personal data by public authorities and private companies. The regulation not only strengthens and unifies the data protection regime for EU citizens/residents, but also defines strict principles for the transfer of personal data to third countries (outside the European Economic Area, i.e. outside the 28 EU countries plus Norway, Iceland and Lichtenstein).

Organizations, both public and private, that operate within the EU or that process EU citizens’ data, must adapt to this new reality and make sure that their operations/actions are in line with the requirements of the new regulation. The real value of GDPR is that it shifts the power over personal data from the hands of organizations, to those of natural persons. Non-compliance can be costly for all types of businesses, ranging from multi-nationals down to micro-enterprises. Severe infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue based on the preceding financial year, whichever amount is higher. As a consequence, companies must not confront GDPR as just another legal framework that they should initially comply with and then overlook. On the contrary, they should set as a priority the cultivation/adoption of a privacy culture within their business environments and integrate data protection into all aspects of their day-to day operations, first as a mentality and then as a legality/necessary compliance measure.

Who is affected by GDPR?
GDPR applies to all companies located within the European Union or to companies which offer goods or services to, or monitor the behaviour of data subjects who are in the European Union, regardless of whether these companies are established in the EU or in a non-EU country.
What are the sanctions for non-compliance with GDPR?
The fine that may be imposed on a company infringing GDPR may reach 4% of its annual global turnover, or 20 million Euros, whichever is higher! This is the maximum fine that can be imposed for the most serious infringements e.g. inability to obtain the consent of a customer to legally process data or transfer personal data to a third country without implementing the appropriate safeguards provided in the regulation. However, there is a graduation of fines. For example, a company may face a fine corresponding to 2% of its annual worldwide turnover, among others in case of non-compliance with the obligation to keep a record of processing activities, non-adoption of appropriate technical and organizational measures, failure to appoint a data protection officer when necessary.
Should my company appoint a Data Protection Officer (DPO)?

A company or organization is required to appoint a Data Protection Officer (DPO) when:

  • Personal Data is processed by public authorities
  • A company regularly and systematically monitors data subjects on a large scale, or
  • The core activities of the company involve processing of Special Categories of Personal Data
What are the basic obligations that an entity must meet to ensure compliance with GDPR?

Companies must meet the following obligations:

  • To process legally, fairly and transparently their clients’ personal data
  • To collect personal data only for defined, explicit and legitimate purposes
  • Data processing should be limited to the purposes for which the personal data were initially collected
  • The personal data must be kept accurate and up-to date.
  • The personal data should be kept for no longer than necessary for the purposes for which they were collected
  • The processing is performed in a manner that ensures the appropriate data security and protection against unauthorized or illegal processing, loss, destruction or damage.



GAGDPR offers a full range
of high-standard data protection
services and solutions tailored made
to clients’ business needs

Read More


In collaboration with external leading
professionals, GAGDPR offers a wide
range of business-related consulting
services, focused on SMEs

Read More


Dimokratias Avenue 4-6
154 51 Neo Psychico
Attiki - Greece

Τel. +30 210 6747361
Fax. +30 210 6747347
[email protected]


Get in touch with us

Committed to come up with the most appropriate solution for you.

Please complete the contact form below and we will get back to you very shortly.


Please consult our company’s privacy policy about the protection of your personal data in accordance
with regulation 2016/679, which can be found in our Data Protection Policy.
The processing of your personal data is necessary to respond to your inquiry through e-mail and our company
commits to use them only for this purpose. Before submitting your request,
please be informed about your rights and our company’s security measures here.