Protection of personal data and privacy is a fundamental human right. The law grants certain rights to people (data subjects) and imposes specific obligations on those who hold and process personal data (controllers).
The General Data Protection Regulation (GDPR), which was introduced in May 25, 2018, is designed to allow individuals to have more control over their personal data and impose new obligations on businesses that collect, manage or analyze such data, including organizations outside the EU.
Implementation of the Regulation applies to companies within the European Union of all sizes, regardless of industry, and to all the sub-functions where data is collected. Following the Regulation, the new Law on the Protection of Personal Data L. 4624/2019 was published and entered into force in Greece.