Data Protection

Data Protection

Our firm is a pioneer in Greece in data protection matters and has developed significant expertise in this area for over more than two decades now. 

Our clients include, among others, credit institutions, pharmaceutical and insurance companies, telecom and technology companies, commercial retailers, logistics and transportation firms, education and non-profit organisations. 

Our firm’s practice group has been involved in the most innovative and complex data protection projects that have taken place in the recent years, such as implementation of biometric methods and identification technology, profiling activities through automated systems and cyber-attacks. Over the years we have built a close, constructive and interactive relationship with the DPA and have contributed in the formation of the prevailing regulatory approach on such matters.

Our work covers the usual regulatory compliance and related authorisations, data protection audits, due diligence on data protection and privacy issues, privacy impact assessments, whistle-blowing schemes and other privacy policies, internal investigations, data processing agreements, data security, data retention obligations, privacy training and related litigation. 

Indicatively, our firm has advised:

  • Compaq in the first permit issued in Greece for the transfer of personal data to the US
  • Millennium Bank in relation to its data protection obligations arising from the disclosure of its clients’ personal data in the context of its sale to Piraeus Bank
  • A major pharmaceutical company on profiling and marketing activities targeting physicians and pharmacists, on alternative structures of data transfers to data processors and sub-processors outside the EU, on the processing of employees’ sensitive data etc.
  • Several multinational companies, including an international IT company, an international market leader in cash & carry and an EU leader in logistics, on data protection issues arising from the review of corporate emails of employees in the context of internal audits and the conduct of the internal investigation
  • An international service provider on cyber-attack reporting requirements
  • Several commercial retailers, including L’Oreal, BIC and Luxottica, on consumer promotional activities
  • AON on restrictions on data transfers in accordance with the data protection legislation
  • UPS on several data protection issues, including background checks, the organisation of their data transfers etc.
  • Motorola in relation to the transfer of its employees’ personal data to Nokia Siemens Networks in the context of the acquisition by the latter of Motorola’s worldwide network business
  • SEB Kort on data protection issues arising from the issuance of credit and charge cards to Greek employees
  • AT&T on data retention of telecommunications data
  • TUI, Booking.com and Iberdrola on their whistleblowing schemes
  • Τhe Graduate Management Admission Council (GMAC) in connection with the personal data of the test-takers of the GMAT exam, obtaining the first permit ever granted to an entity other than a bank, authorising the extension of the preservation period of personal data collected by means of a closed television circuit
  • Endemol on data protection issues arising from a reality TV show aired in Greece and on resulting administrative litigation and
  • A leading international retailer in relation to the information notice, consumers’ consent for use of their data for marketing purposes and the filing of the relevant notification to the DPA.
Subscribe to RSS - Data Protection