Implementing GDPR in Greek Companies - The necessary steps for integration


Published: May 26, 2024
Keywords:
General Data Protection Regulation - GDPR, Records Management, Data Protection Officer - DPO, Protection of Personal Data
Nikolaos Kareklas
Zoe Michalopoulou
Fani Giannakopoulou
Abstract

Purpose – The purpose of this paper is to examine the application of the European General Data Protection Regulation (GDPR) to Greek companies. The research investigated the positive and negative impact of the implementation of the Regulation, 18 months after the new legislation came into effect, with regard to technological, organizational and legal issues.
Design/methodology/approach – The first step of this research was a study of the existing literature. Then, questionnaires were distributed to companies subject to the GDPR in order to collect quantitative data. Finally, research was conducted in a company that offers records management services, in an attempt to bring those services into compliance with the GDPR.
Findings – The above procedures yielded significant findings regarding the actual implementation of the GDPR in the companies and the technological and organizational issues that arose and need to be resolved. The most important outcomes of this research are: a) companies need more guidance from the competent authorities in the field of data protection, b) a significant cost is required to implement the changes in organizational structures, and c) the important role of the Data Protection Officer (DPO).

Article Details
  • Section: Research Articles