The New European General Data Protection Regulation (GDPR)

The European Regulation (EU) 2016/679 concerns the “protection of natural persons with regard to the processing of personal data and the free movement of such data, and repealing Directive 95/46/EC” (General Data Protection Regulation – GDPR).
The Regulation was adopted on April 27, 2016, and became directly applicable in all EU Member States on May 25, 2018, replacing the former European Directive 95/46/EC as well as any existing national data protection laws, such as Greek Law 2472/1997, as amended and in force.

The provisions of the Regulation apply indiscriminately to every public and private entity, organization (ministries, local government, social security bodies, educational institutions, tax offices, associations, etc.) or business (banks, healthcare institutions, pharmaceutical companies, insurance companies, transport companies, telecommunications, advertising, commercial companies, etc.) that processes personal data of European citizens. The regulatory scope of the Regulation includes, by way of example, citizens, customers, taxpayers, suppliers, recipients of healthcare services, insured individuals, employees, political party members, associations, website and social media users, with particular emphasis placed on the protection of minors.

TÜV HELLAS (TÜV NORD) has developed a service aimed at assessing the maturity level of actions taken to comply with the General Data Protection Regulation (GDPR).

In this service, we conduct audits across two distinct pillars (procedural/legal & technical/IT), with specialized partners involved in the inspection team (legal and IT experts).

During the audit, we assess the information systems used by the company and the maturity level of actions aimed at aligning with the Regulation (GDPR). Our service includes a structured checklist, infrastructure and facility inspections, supporting documentation review, and interviews with relevant personnel as well as employees.

Following the audits, we produce a report outlining the methodology and findings, a representation of the compliance maturity level for each area of the Regulation, along with recommendations for further evaluation.

• Verifies, through an independent entity, that the organization's actions for GDPR compliance have been carried out.
• Ensures that the compliance actions have been implemented correctly and have achieved the desired results.
• Demonstrates, through an independent entity, that risks related to personal data have been identified, assessed, and effectively managed.
• Highlights the presence of an official and functional personal data protection system.
• Proves the commitment of the organization's senior management to the security of its information and personal data.