Data Protection, Privacy & Security

Our practice advises all market participants on the increasingly complex legislation governing data privacy and security. We have extensive expertise in advising clients operating across a variety of industry sectors on emerging and existing data privacy requirements and are well positioned to address the new challenges resulting from the ongoing digital transformation. Our specialised privacy team is committed to offering practical, business-oriented advice, and to helping clients ensure compliance and manage risk.

We help companies to develop tailored compliance programs and policies, provide on-site and online employee training, including mock exercises, and work closely with clients to proactively mitigate data privacy and security risks. Our aim is to provide tailored services to assist our clients achieve their commercial and transactional goals within a complex legislative framework.

Privacy Compliance & Risk Management
We advise on all aspects of privacy and data protection matters, including GDPR compliance, employees' data processing, compliance with local privacy laws, risk management and the development of new digital business models and products (privacy by design). Clients rely on us for support on compliance with the legislation and regulations in place governing the administration of customer, client and employee information and management of the associated reputational and financial risks. We have extensive experience in drafting and negotiating complex privacy agreements, including privacy policies and procedures, and advising on website issues, cybersecurity and data breaches, as well as the handling of data subjects' requests. Our team has vast experience in providing sector specific services for areas of processing such as human resources, whistleblowing, public relations, e-Privacy, marketing and the use of cookies, closed circuit television (CCTV), call recording, banking and health. We regularly assist clients in adapting to and implementing global compliance programs and policies, including advising on data exports.
Regulatory Proceedings & Disputes
Our team regularly assists companies in responding to regulatory inquiries from the national regulatory authority (HDPA). Where potential infringements do occur, we represent clients at every stage of an investigation as well as with administrative or legal proceedings. We have particular expertise in representing companies facing HDPA investigations into employees' data processing, data transfers and data security issues. We work closely with our litigation attorneys to successfully represent our clients in privacy disputes before the Courts.
Transactional Matters
We regularly assist our clients with data privacy and cybersecurity matters that arise in connection with transactional projects, often advising on privacy and data security related risks from the processing of consumer, customer and employee data. We work closely with our M&A team in the context of due diligence projects and transactional documents.
Cyber Security & Data Breach
We advise on network and information security requirements arising from network security rules and work closely with companies in identifying security compliance gaps. We also assist clients to assess potential data security breaches and develop incident response plans and policies.
Recent Experience
Data Privacy of Subsidiary of Energy Drinks Leader
We are advising a multinational leader in the sector of energy drinks with regard to permissibility of vehicle tracking units and data privacy compliance matters related to its new establishment in Greece, including employees' notices and matters of equal opportunities (diversity).
Data Privacy Compliance in Media Sector
We are advising a leading international media production company in relation to their GDPR data privacy compliance as well as on issues related to processing of personal data during the pandemic.
Advice to Leading Italian Investment Group
We advise an Italian investment group which is a leader in the development and management of major brands on data privacy issues connected with their company's new establishment in Greece.
Film Production Data Privacy Advice
We are advising an American multinational entertainment and media company on data privacy law matters arising from its filming activities in Greece.
Leading International Fund Data Privacy Advice
We advise a world leader in private equity and credit on a number of data privacy issues pertaining to its establishment in Greece, including on employees' notices and permissibility of employees' data processing.
Sensitive Business Information in Maritime Sector
We are advising a shipping company on data privacy aspects in the context of exchange of sensitive business information by former employees.
NGO Trademark and Data Privacy Advice
We advise an NGO in relation to their data privacy compliance for the operation of its website and e-commerce platform as well as their cookies policy.
Advice in E-commerce Sector
We advised an international e-commerce company specialized in online travel in connection with the ongoing ex officio investigation of the Hellenic Data Protection Authority in the online and e-commerce sectors, including providing advice on e-privacy related matters, such as marketing communication and cookies.
GDPR Compliance in Healthcare
We are advising the local subsidiary of an international specialty healthcare company with respect to GDPR compliance matters arising out of its operation, including drafting and reviewing website privacy and cookies policies and assessing its relationships with vendors.
Data Privacy Compliance in Construction and Chemicals Company
We are advising a construction and chemicals production company on data privacy compliance matters that arise in their day-to-day business, including drafting of privacy agreements and advising on HR issues in the context of the pandemic.
Advice to Kosmocar
We advise Kosmocar, the official importer of VW, Audi and Skoda automobiles and Ducati motorcycles in Greece, in relation to compliance with emerging data privacy requirements under the GDPR.
BMW Hellas and BMW Austria Bank Advice
We advise BMW Hellas and BMW Austria Bank (Athens Branch) in relation to data protection and retention issues and processing agreements, including GDPR compliance projects, updating employee privacy policies, e-privacy related matters, call recording, CCTV policies in accordance with the HDPA Guidelines and cookies and on the contractual documents and privacy statements concerning BMW ConnectedDrive services.
Data Breach in Marine Fuels Industry
We advised an international marine fuel logistics company in the context of allegations of data breaches brought before the Hellenic Data Protection Authority (one of the first cases to be heard under the GDPR) and have represented the client in related proceedings before the civil courts.
Data Privacy in Healthcare Company
We have advised a UK IVF provider entering the Greek market on data privacy issues to ensure compliance with applicable local laws.
CCTV Privacy Related Issues
We advised a sportswear manufacturer on existing and emerging data privacy requirements arising under local legislation and the GDPR as regards the installation and operation of CCTV at their premises and retail stores.
Data Protection Training and Advice to Multinational Mass Media Corporation
We have provided training to the international multi-media business of a multinational mass media corporation on the application of the local data protection and privacy principles in the context of mobile apps and websites, covering topics such as privacy policies, obtaining consent, data analysis, cookies, the right to be forgotten, privacy by design and the rules applicable to dealing with children online.
Cloud Computing Advice
We advised a global market leader in metering solutions with respect to the external supply of cloud computing services and the resulting contractual arrangements.