Data Protection & Cybersecurity

Experience

Regulatory Advice

We provide compliance support to help our clients keep pace with the changing regulatory landscape in data protection and cybersecurity and minimise legal compliance risks in their day-today operations. Our range of services includes: data protection notices to data subjects and consent forms (customers, users of websites, etc.), data protection and cybersecurity policies, HR data and privacy at work (notices to employees, device use policies, use of biometrics, use of AI technologies for hiring, employee monitoring, use of DLP tools, background and criminal checks, operation of CCTV systems, etc.), health data (medical records, health tracking apps, clinical trials, medical devices, etc.), etc.

GDPR compliance audits

We carry out compliance and re-designing projects for our clients’ GDPR-readiness in synergies with (inhouse and external) IT and cybersecurity experts. We have designed and we offer a holistic, end-to-end GDPR compliance program, which we fine tune and adapt to the industry and particular needs of the organisations we support, helping them (a) develop and maintain an appropriate framework for data processing across the entire data lifecycle and (b) demonstrate accountability for GDPR requirements. Moreover, our firm has extensive expert experience in dawn raid procedures from regulatory authorities. We prepare organisations to deal with dawn raids by the Hellenic Data Protection Authority and the Hellenic Authority for Communication Security and Privacy and we advise and support them during the entire process.

Data breach management

Our cybersecurity and data protection team can help you prepare for and respond decisively to any data breach incident (unauthorised access, data leakage, ransomware, etc.), offering immediate legal advice and assistance with breach notification procedures, also assistance with internal and external investigations, to mitigate compliance, liability and reputational risks. Our established partnerships with IT (cybersecurity and forensics) experts, offer added value to our services, ensuring an affective and timely management of obligations and risks.

DPO as a service

As a strategic service line, we provide DPO as a Service in order to help our clients outsource the role of a Data Protection Officer (DPO) thus securing the desired GDPR compliance level. Our team of legal and IT counsels, acting as DPO, is a key player in the data governance system and main instrument for promoting compliance within your organisation.

Data Protection Impact Assessment

We have developed a DPIA methodology and templates, having built on methodologies suggested by various EU supervisory authorities, having also considered relevant guidelines and international risk assessment and risk management standards. Importantly, teams carrying out DPIAs include both, legal and IT experts, who work closely with internal and, as the case might be, external stakeholders, including consultation with the data subjects affected by the envisaged data processing.

Litigation

We advise and represent organisations across the full spectrum of data protection, cybersecurity and privacy-related complaints, claims and disputes, including from cases of alleged unlawful processing and GDPR violations through to claims for damages arising out of personal data breaches. Our data protection team is supported by our dispute resolution experts, with decades of unparalleled experience, gained in courts at all levels of jurisdictions and particular expertise in cross-border litigation.