Data Protection, Privacy & Security

Our practice advises all market participants on the increasingly complex legislation governing data privacy and security. We have extensive expertise in advising clients operating across a variety of industry sectors on emerging and existing data privacy requirements and are well positioned to address the new challenges resulting from the ongoing digital transformation. Our specialised privacy team is committed to offering practical, business-oriented advice, and to helping clients ensure compliance and manage risk.

We help companies to develop tailored compliance programs and policies, provide on-site and online employee training, including mock exercises, and work closely with clients to proactively mitigate data privacy and security risks. Our aim is to provide tailored services to assist our clients achieve their commercial and transactional goals within a complex legislative framework.

Privacy Compliance & Risk Management
We advise on all aspects of privacy and data protection matters, including GDPR compliance, employees' data processing, compliance with EU and local privacy laws, risk management and the development of new digital business models and products (privacy by design). Clients rely on us for support on compliance with the legislation and regulations in place governing the administration of customer, client and employee information and management of the associated reputational and financial risks. We have extensive experience in drafting and negotiating complex privacy agreements, including privacy policies and procedures, and advising on website issues, cybersecurity and data breaches, data exports, as well as the handling of data subjects' requests. Our team has vast experience in providing sector specific services for areas of processing such as human resources, whistleblowing, public relations, e-Privacy, marketing and the use of cookies, closed circuit television (CCTV), call recording, banking and health. We regularly assist clients in adapting to and implementing global compliance programs and policies in conformity with regulatory developments, including assisting them to set up internal whistleblowing channels for the report of EU law breaches according to the requirements of the EU Whistleblowing Directive.
Regulatory Proceedings & Disputes
Our team regularly assists companies in responding to regulatory inquiries from the national regulatory authority (HDPA). Where potential infringements do occur, we represent clients at every stage of an investigation as well as with administrative or legal proceedings. We have particular expertise in representing companies facing HDPA investigations into employees' data processing, data transfers and data security issues. We work closely with our litigation attorneys to successfully represent our clients in privacy disputes before the Courts.
Transactional Matters
We regularly assist our clients with data privacy and cybersecurity matters that arise in connection with transactional projects, often advising on privacy and data security related risks from the processing of consumer, customer and employee data. We work closely with our M&A team in the context of due diligence projects and transactional documents.
Cyber Security & Data Breach
We advise on network and information security requirements arising from network security rules and work closely with companies in identifying security compliance gaps. We also assist clients to assess potential data security breaches and develop incident response plans and policies.
Recent Experience
Advice on Whistleblowing and Reporting of Breaches
We advise an international technology solutions and software provider in relation to employment matters and compliance of its global policies with local law requirements, including data privacy and whistleblowing requirements following the enactment of legislation incorporating in Greece the EU Whistleblowing Directive for the reporting of EU law breaches.
Data Privacy Issues in Acquisition of Augmenta by CNH Industrial
Within the context of CNH Industrial’s acquisition of Augmenta Group, we reviewed all data privacy related documentation of the Greek subsidiary, including website policies and employee forms, also advising on target's compliance with data privacy laws.
Data Privacy Aspects of the Sale of Tethys Portfolio
Within the context of the sale of the first sectoral portfolio of loan claims sold in the secondary market in Greece, we advised Intrum Hellas, servicer and coordinator of the secondary sale and transfer, on data privacy issues, namely notice to data subjects.
GDPR and Whistleblowing Compliance in Cosmetics Industry
We advise a leading natural cosmetics company in relation to its GDPR compliance projects, including drafting and updating client’s privacy and cookies policies, assisting them in setting up an internal reporting system for EU law breaches and appointing an officer responsible for receiving and monitoring reports under this system, CCTV advice, as well as advice on consent forms and data processing agreements.
Advice on Data Privacy Issues Related to Clinical Trials
We are advising a global biotechnology company on data protection issues connected to its clinical trials, including notice and consent requirements.
Cybersecurity and Data Breach Incident
We advise a multinational apparel company in relation to a cybersecurity incident and on filing of a data breach notification to the Hellenic Data Protection Authority (HDPA).
Advice to Percassi
We advise Percassi, an Italian investment group and a leader in the development and management of major brands, on data privacy issues connected with their company's presence in Greece.
Advice on PCAOB Reporting Requirements
We advise on a regular basis auditing firms in Greece anf members of the Big Four international accounting networks, on EU and Greek data privacy law conflicts that may arise in the context of their mandatory reporting activities to the US Public Company Accounting Oversight Board (PCAOB).
HR Systems Data Privacy Compliance
We advise an auditing firm in Greece, member of one of the Big Four international accounting networks, on data protection legal compliance of its group HR systems with respect to the processing of employees’ personal data.
Card Acquiring Services
We advise a financial services corporation on legal regulatory requirements relating to the promotion of its card acquiring services in Greece, including advising on applicable data privacy compliance requirements under the GDPR and national enforcement legislation.
Leading International Fund Data Privacy Advice
We advise a world leader in private equity and credit on a number of data privacy issues pertaining to its establishment in Greece, including on employees' notices and permissibility of employees' data processing.
Advice in E-commerce Sector
We advised an international e-commerce company specialized in online travel in connection with the ex officio investigation of the Hellenic Data Protection Authority in the online and e-commerce sectors, including providing advice on e-privacy related matters, such as marketing communication and cookies.
GDPR Compliance in Healthcare
We are advising the local subsidiary of an international specialty healthcare company with respect to GDPR compliance matters arising out of its operation, including drafting and reviewing website privacy and cookies policies and assessing its relationships with vendors.
Data Privacy Compliance in Construction and Chemicals Company
We are advising a construction and chemicals production company on data privacy compliance matters that arise in their day-to-day business, including drafting of privacy agreements.
Advice to Pharmaceutical Sector
We are advising the Greek subsidiary of a global pharmaceutical company on issues arising in the course of their day-to-day business, including data privacy matters and handling of sensitive patients’ data.
Cloud Computing Advice
We advised a global market leader in metering solutions with respect to the external supply of cloud computing services and the resulting contractual arrangements.
Data Breach in Marine Fuels Industry
We advised an international marine fuel logistics company in the context of allegations of data breaches brought before the Hellenic Data Protection Authority (one of the first cases to be heard under the GDPR) and have represented the client in related proceedings before the civil courts.