The General Data Protection Regulation (GDPR) has been implemented as a state law since May 25, 2018. It introduces a new, modernised and strict compliance framework for the protection of personal data in the European Union.
The General Data Protection Regulation applies to all companies that process and collect personal data of subjects residing in the European Union, European citizens. It affects every organization and company in Europe that processes personal data of any kind in any way, offers goods or services to data subjects of the EU or records their behavior, as well as any company that trades in the territory of the European Union.
The Regulation requires companies (regardless of legal form) and organizations that process personal data to re-evaluate their information security management strategy, information technologies, and privacy policies, to train their staff, and to implement the changes needed for compliance.
But what exactly do we mean by the term «personal data»? It is any information concerning an identified or identifiable natural person (the data subject): any information that may reveal the person's identity, gender, age, place of residence, marital status or employment relationship, and even more personal information such as habits, preferences, health data, political or religious beliefs, etc.
Each professional (company or organization) must, according to the General Data Protection Regulation, take appropriate technical and organizational measures to securely protect the data it processes (of customers, staff, suppliers and associates) and to comply with the requirements set by the General Data Protection Regulation and, now, by the market itself. In particular, it must change or adapt its information systems to comply with terms such as:
- Careful collection and secure storage of personal data.
- No processing of personal data without consent.
- Coding the data to avoid profiling.
- Avoiding linked database correlation.
- Ability to delete or export and deliver data on demand.
- Ensuring compliance with the Regulation by the cooperating companies that manage the personal data on its behalf.
In today’s digital world, the chances of a company dealing with a breach are increasing every day. The consequences of a breach and loss of data can be extremely negative, affecting even the survival of a company as proven in the market.
The consequences of a violation are summarized as follows:
- Inability to access important & critical data.
- A huge blow to the company’s reputation and name.
- Possible Customer Loss & Deterioration of Customer Satisfaction Index.
- Temporary inability to perform transactions.
- Credit Rating.
- Need for more staff as well as greater training needs.
- Increase of premiums by insurance companies.
- Fines & compensations.
It is obvious that dealing with them is complex and complicated, requires many and varied resources, and creates extraordinary (and often unbearable) costs.
We undertake the full process of your compliance with the General Regulation, providing you with:
Consultant support. It is important to understand the requirements of the General Regulation and, consequently, the compliance requirements set as a prerequisite for the company to enter and remain in the Greek and European market.
Preparation of a study that analyzes the shortcomings and potential risks that your business will face through non-compliance with the General Regulation. The complete data flow within your business, the data collection procedures that are applied, and the data retention processes are recorded.
In particular, the study covers the following procedures and activities:
a) Data issues
b) Rights of data subjects
c) Interested Information Process
d) Procedures for consent of the data subject
e) Risk assessment of information technologies
f) Information processing information Security, Security system character from third parties
Indication and implementation of appropriate technical and organizational measures for your business. We create the right action plan for your business. These measures address administrative issues (regarding the structure of the company or organization, separation of duties, change of jobs, job description), organizational issues (regarding the management of personnel and the general policies implemented by a company), legal issues (contracts, agreements, lawsuits, business relations with third parties) and technical issues (technologies to be implemented for the protection of information systems).
Support services. We fully support your business throughout its range of activities and in the long run by providing regular consulting, organizational and technical services, newsletters, manuals, continuous training of your staff and your constant compliance with new technologies and evolving market demands.
All procedures are coordinated by a new prerequisite introduced by the General Regulation: the Data Protection Officer (DPO). Each company must hire a Data Protection Officer (DPO) who has the duty to systematically inform and advise the company and its executives, to monitor its compliance with the General Regulation, to monitor developments, to provide advice on assessing the impact of processing on personal data protection, to propose solutions, and to cooperate with the Personal Data Protection Authority, acting as the company's point of contact with it.



