Data
Protection
With extensive experience in the field of personal data protection and with the cooperation of experienced technical consultants, we provide full support for business compliance with the new General Regulation on the Protection of Personal Data (Regulation 2016/679), to be implemented by 25/5/2018. In general, we provide full support for any matter of compliance with Data Protection Law at national and international level and your representation before supervisory authorities.
- Compliance with the New Regulation and transition to the new Data Protection regime:
- Data Protection Audit/Due Diligence. The Company's specialized team, composed of experienced legal and technical consultants, maps the data flows of the client’s Company.
- Status assessment/gap analysis. We detect errors and / or gaps to be filled.
- Data Protection Action Plan. Taking into account the specific needs and policies of the company, we propose the adoption of appropriate legal and technical-organizational measures.
- Αction Plan implementation. Our team prepares and revises all the necessary legal documents for our clients to comply with the Regulation, including, but not limited to, the following:
- Drafting data protection clauses in employment and commercial contracts.
- Contracts for the transfer, licensing of data.
- Drawing documents (or electronic "documents"-forms) to obtain the consent of data subjects and organizing the consent procedures throughout the data stream.
- Compilation of operating codes, corporate self-commitment codes and definition of security policies and technical / organizational measures such as, but not limited to, defining accessibility to data roles in need-to-know basis, data anonymization or encryption practices, physical and technical security measures.
- Drawing up and / or reviewing Terms of Use and Privacy Policies.
- Drawing up contracts with “data processors” ("Data Processing Agreements") in accordance with the legal requirements.
- Drawing up corporate binding rules and management of the processes for the legal Data Transfer to Third Countries (e.g. U.S.)
- Drawing up (in cooperation with our technical consultants) Data Protection Impact Assessment (DPIA)
- Drawing up security policy, Disaster recovery and Contingency Plan.
- Structures for data subject information and response to their requests (rights to correction and deletion - "right-to-be-forgotten ", right to limitation of processing, right to data portability, right to information and access, right to oppose to profiling) etc.
At the same time, our technical team, in co-operation with the responsible IT managers of the company, ensures the implementation, on a technical level and on your company’s systems, of appropriate compliance practices.
- DPO, Training & Reviewing Services:
- “Data Protection Officer Services” (DPO).
- Regular Company Inspection and Revision Services on personal data issues for continued compliance with the requirements of the Regulation.
- Training of personnel for compliance with data protection rules.
- Assistance during certification process.
- Regular advisory Services, Legal Representation and further Services:
- Advisory support regarding compliance with legislation already by design, in the case of new services and products (Privacy by design and by Default).
- Drafting of all kinds of contracts and documents relating to personal data including those mentioned above (“Action Plan Implementation”).
- Data transfers, obtaining permits, communicating with competent authorities.
- Support in cases of data breach, and communication with competent authorities.
- Support and representation before Judicial and Supervisory Authorities.
- Certification of companies doing business in the U.S. under the EU/US Privacy Shield regime.
- Data Protection Audits in affiliated companies and organizations as well as Audits on behalf of Investors or on behalf of companies in search for investment.
- In 2017, our company has formed the legal framework for transition and compliance with the New Regulation, of a company, among others, engaging in market analysis being established and active in Europe and Asia, of a multinational commercial company with establishment in several EU countries including Greece, and of an American electronic market research company with an establishment in Greece.
- In 2017, two high-tech companies trusted our law firm to conduct internal DP Audit and manage related data protection issues in the context of a due diligence process by perspective multinational investors.
- In 2017, a U.S. company operating and established in Greece, entrusted us with the management of issues regarding data transfer in the United States and the certification of the company under the Privacy Shield regime.
- In 2017, we represented a nation-wide television station in an alleged personal data violation case.
- A large investment fund has trusted us to conduct, among others, Data Protection Audit to candidate companies for investment. In the context of the above cooperation, we conduct DP Audits on dozens of start-ups and technology companies.
- For almost ten years (2002-2012) we offered services to a Greek nation-wide television station, on issues of personal data protection among others, handling, both at the level of prevention and at the level of legal representation and representation before the Independent Administrative Authority, of complex issues regarding the balance between Mass Media Law, Freedom of Expression and Personal Data Protection.