New GDPR law for Greece
Spyridon Vlachopoulos and Vassiliki Christou from the University of Athens explain new aspects and limitations of this law.
Greece’s law implementing the GDPR, Law 4624/2019 (the Greek Law), entered into force on 29 August 2019. The new Greek Law is composed of three parts. The first part provides that the Greek Data Protection Authority (DPA), responsible for the enforcement of data protection law, including the GDPR, is the DPA already established under the previous data protection law 2472/1997, and sets out its new competences. The second part contains measures implementing the GDPR. The third part transfers into Greek legal order Directive 2016/680/EU(1). In this article, we shall focus primarily on the second part of the Greek Law to illustrate how the Greek legislator has exercised the discretion provided in the GDPR for national implementation.