CLIENT ORIENTED

Services tailored to client needs

EXPERIENCED

Services delivered by a team of senior consultants

INNOVATIVE

Effective solutions to the most complex problems

MULTIDISCIPLINARY

Diverse team of experts

John Goumenopoulos
Managing Director

Sofia Kallianteri
Data Protection Counsel

Angela Mitropoulos
Partner & Project Manager

George Karras
IT Support Officer

Panagiota Kelali
Of Counsel

Euclides Antoniades
IT Support Officer

REGULATORY FRAMEWORK

The General Data Protection Regulation

The General Data Protection Regulation (EU) 2016/679 aims to set a general framework for the protection of EU citizens’ personal data and to provide a concrete context for the processing of their personal data by public authorities and private companies. The regulation not only strengthens and unifies the data protection regime for EU citizens/residents, but also defines strict principles for the transfer of personal data to third countries (outside the European Economic Area, i.e. outside the 28 EU countries plus Norway, Iceland and Liechtenstein).

Organizations, both public and private, that operate within the EU or that process EU citizens’ data must adapt to this new reality and make sure that their operations/actions are in line with the requirements of the new regulation. The real value of GDPR is that it shifts the power over personal data from the hands of organizations to those of natural persons. Non-compliance can be costly for all types of businesses, ranging from multinationals down to micro-enterprises. Severe infringements could result in a fine of up to €20 million, or 4% of the firm’s worldwide annual revenue based on the preceding financial year, whichever amount is higher. As a consequence, companies must not treat GDPR as just another legal framework that they initially comply with and then overlook. On the contrary, they should make it a priority to cultivate and adopt a privacy culture within their business environments and integrate data protection into all aspects of their day-to-day operations, first as a mentality and then as a legality/necessary compliance measure.

Who is affected by GDPR?

GDPR applies to all companies located within the European Union, and to companies which offer goods or services to, or monitor the behaviour of, data subjects who are in the European Union, regardless of whether these companies are established in the EU or in a non-EU country.

What are the sanctions for non-compliance with GDPR?

The fine that may be imposed on a company infringing GDPR may reach 4% of its annual global turnover, or 20 million Euros, whichever is higher! This is the maximum fine that can be imposed for the most serious infringements, e.g. inability to obtain the consent of a customer to legally process data, or transfer of personal data to a third country without implementing the appropriate safeguards provided in the regulation. However, the fines are graduated. For example, a company may face a fine corresponding to 2% of its annual worldwide turnover in cases such as non-compliance with the obligation to keep a record of processing activities, non-adoption of appropriate technical and organizational measures, or failure to appoint a data protection officer when necessary.

Should my company appoint a Data Protection Officer (DPO)?

A company or organization is required to appoint a Data Protection Officer (DPO) when:

  • Personal Data is processed by public authorities
  • A company regularly and systematically monitors data subjects on a large scale, or
  • The core activities of the company involve processing of Special Categories of Personal Data

What are the basic obligations that an entity must meet to ensure compliance with GDPR?

Companies must meet the following obligations:

  • To process their clients’ personal data legally, fairly and transparently
  • To collect personal data only for defined, explicit and legitimate purposes
  • To limit data processing to the purposes for which the personal data were initially collected
  • To keep the personal data accurate and up to date
  • To keep the personal data for no longer than necessary for the purposes for which they were collected
  • To perform the processing in a manner that ensures appropriate data security and protection against unauthorized or illegal processing, loss, destruction or damage

SERVICES

DATA PROTECTION SERVICES

GAGDPR offers a full range of high-standard data protection services and solutions tailor-made to clients’ business needs



BUSINESS CONSULTANCY

In collaboration with external leading professionals, GAGDPR offers a wide range of business-related consulting services, focused on SMEs


GAGDPR

Dimokratias Avenue 4-6
154 51 Neo Psychico
Attiki - Greece

Tel. +30 210 6747361 ext.210
Fax. +30 210 6747347
[email protected]

   
