Zepos and Yannopoulos - Services [ Data Protection ]

Data Protection

Our firm has been a pioneer in Greece in Data Protection related issues since the very implementation of the EU Directive 95/46/EC, and has developed significant expertise in this area.

We advise on a regular basis foreign and Greek legal entities, such as credit institutions, insurance companies, commercial retailers and education and non-profit organizations on their notification and license obligations towards the Hellenic Data Protection Authority (DPA) and on various corporate and commercial activities triggering data protection compliance procedures.

Our work covers not only regulatory compliance but also advice on numerous activities and schemes which entail data protection concerns such as whistle-blowing schemes, share incentive plans, internal investigations, marketing and advertising activities, use of CCTVs, employees' background checks, creditworthiness controls and transfers of databases in the context of M&As.

Our experience comprises also dealing with innovative issues such as overseas transfer of sensitive personal data and implementation of biometric methods and technology for identification purposes and transfer of the so-collected data outside the EU.

At the contractual level, data protection compliance is a constant parameter of our review and scope of work while these issues are incorporated in the scope of due diligence work undertaken. Our goal is to minimize risks arising from the collection, processing and flow of data and to ensure processing in line with the strict Greek legal framework and regulatory practice while at the same time safeguarding the rights of the data subjects. Additionally, we have extensive expertise in drafting data protection agreements, such as agreements for the transfer of personal data outside the EU, for the processing of personal data by data processors and the appointment of local representatives of data controllers in Greece. We also draft relevant notices and disclaimers for corporate documents and websites.

In the field of litigation we have extensive experience in defending our clients before the administrative courts with respect to fines or other types of sanctions imposed by the DPA for unlawful collection and processing of data.

By way of example our firm has advised :

Compaq and obtained from the DPA the issuance of the first permit in Greece for an overseas transfer of personal data to the U.S.
Τhe Graduate Management Admission Council (GMAC) in connection with the personal data of the test-takers of the GMAT exam and obtained the first permit that has been granted to an entity other than a bank for the extension of the preservation period of personal data collected by means of a closed television circuit.
An international TV show producer on data protection issues arising from a reality TV show aired in Greece and on resulting litigation.
A leading international retailer in relation to the information notice and the consent of the consumers for use of their data for marketing purposes and the filing of the relevant notification to the DPA.
An international industrial conglomerate on numerous data protection issues relating to the implementation of their whistle-blowing policy in Greece.

As a result of our day-to-day involvement in innovative data protection issues, our firm has developed a constructive and interactive relationship with the DPA and has significantly contributed in the formation of the prevailing regulatory approach on several issues and in the production of a related secondary (regulatory) framework on a wide array of issues.

home | print |