Europeiska dataskyddsstyrelsen

Initial conclusions from the Hellenic DPA’s “ex officio” GDPR compliance investigation

Thursday, 31 January, 2019
gr

The Hellenic DPA, in order to a) explore the level of compliance with the General Data Protection Regulation (GDPR) -six months after its entry into force- and the specific legislation on e-privacy, b) raise the awareness of data controllers and data subjects, and also c) exercise its envisaged powers, has carried out the following “ex officio” investigation, which was initiated in December 2018 and is ongoing:

More particularly, the Hellenic DPA carried out an investigation to 65 controllers operating online in the fields of financial services, insurance services, e-commerce, ticket services and public sector services, for exploring the way specific requirements are met in the areas of transparency, the use of cookies, the sending of online messages and the security of websites through indicative checkpoints, perceived to the citizen in their navigation and the use of internet services.

  1. The initial conclusions that were drawn as a result of this initiative highlight, in general, the lack of compliance with the legislation on cookies and relevant technologies in almost all the controllers.
  2. There was also a lack of information on the processing operations and the recipients of the data at around 40% of the controllers. It is worth noting that the public sector lags behind in compliance, mainly with regard to transparency, in almost all of the organizations that were investigated.
  3. On the contrary, at a high percentage of more than 80% of data controllers, a satisfactory level of security was observed.
  4. Furthermore, a sufficient degree, more than 70%, of Data Protection Officers’ designation was noted in the private sector.

On the basis of the final conclusions of this first large-scale investigation to check compliance, after the entry into force of the Regulation, the DPA will exercise its powers that are envisaged by the pertinent provisions.

The investigation was presented in the Authority’s recent Information Day on the occasion of the 13th European Data Protection Day on January 28th and is available in Greek at www.dpa.gr  (http://www.dpa.gr/pls/portal/docs/PAGE/APDPX/EUROPEAN_DP_DAY_GENERAL/2019_DP_DAY/FILES%202018/PANAGOPOULOU_G.PDF).

For further questions, please contact the Hellenic Data Protection Authority: contact@dpa.gr