The Hellenic DPA, in order to a) explore the level of compliance with the General Data Protection Regulation (GDPR) -six months after its entry into force- and the specific legislation on e-privacy, b) raise the awareness of data controllers and data subjects, and also c) exercise its envisaged powers, has carried out the following “ex officio” investigation, which was initiated in December 2018 and is ongoing:
- The initial conclusions that were drawn as a result of this initiative highlight, in general, the lack of compliance with the legislation on cookies and relevant technologies in almost all the controllers.
- There was also a lack of information on the processing operations and the recipients of the data at around 40% of the controllers. It is worth noting that the public sector lags behind in compliance, mainly with regard to transparency, in almost all of the organizations that were investigated.
- On the contrary, at a high percentage of more than 80% of data controllers, a satisfactory level of security was observed.
- Furthermore, a sufficient degree, more than 70%, of Data Protection Officers’ designation was noted in the private sector.
On the basis of the final conclusions of this first large-scale investigation to check compliance, after the entry into force of the Regulation, the DPA will exercise its powers that are envisaged by the pertinent provisions.
The investigation was presented in the Authority’s recent Information Day on the occasion of the 13th European Data Protection Day on January 28th and is available in Greek at www.dpa.gr (http://www.dpa.gr/pls/portal/docs/PAGE/APDPX/EUROPEAN_DP_DAY_GENERAL/2019_DP_DAY/FILES%202018/PANAGOPOULOU_G.PDF).
For further questions, please contact the Hellenic Data Protection Authority: firstname.lastname@example.org