Law: Law 4624/2019 on the Personal Data Protection Authority, Implementing the General Data Protection Regulation (Regulation (EU) 2016/679) and Transposing into National Law Data Protection Directive with Respect to Law Enforcement (Directive (EU) 2016/680) and Other Provisions ('the Law'), and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')

Regulator: The Hellenic Data Protection Authority ('HDPA')

Summary: The Law and Law 3471/2006 on the Protection of Personal Data and Privacy in the Electronic Telecommunications Sector and Amendment of Law 2472/1997, which governs, among other things, cookies and other trackers, are the main pieces of privacy legislation in Greece and both are enforced by the HDPA. The HDPA has been particularly active in releasing guidelines on GDPR compliance, and has covered topics such as cookies and other trackers, Data Protection Impact Assessments, breach notifications, accountability, and processing records. In addition, the HDPA has conducted several enforcement actions and issued fines ranging from €5,000 to €150,000 for, among other things, unlawful processing of employee data, non-compliance with access requests, and inadequate security measures. On 27 January 2020, the HDPA issued an opinion (only available in Greek here) which suggested that certain Articles of the Law are incompatible with the GDPR.