European Regulation (EU) 2016/679 concerns the "Protection of natural persons with regard to the processing of personal data and the free movement of data and the repeal of Directive 95/46/EC" (General Data Protection Regulation, GDPR).
The Regulation was adopted on 27 April 2016 and will be directly applicable in Member States from 25 May 2018, replacing the existing European Directive 95/46/EC as well as the existing national privacy legislation (Law 2472/1997 as amended and currently in force).
The provisions of the Regulation apply without distinction to any public and private body, organisation (ministries, local government, social security institutions, educational institutions, tax offices, trade unions...) or business (banks, nursing institutions, pharmaceutical, insurance, transport, telecommunications, advertising, commercial companies, etc.) that processes personal data of European citizens. The regulatory scope of the Regulation includes, but is not limited to, citizens, customers, taxpayers, suppliers, recipients of health services, insured persons, employees, members of political parties, associations, users of websites and social networks, while particular emphasis is placed on the protection of minors.
TÜV NORD Greece (TÜV NORD) has developed a service that assesses the maturity level of actions taken to adapt to the General Data Protection Regulation (GDPR).
In this service we perform audits across two pillars (procedural/legal and technical/IT), with specialized partners (a legal expert and an IT expert) participating in the Inspection Team.
During the audit we assess the IT systems used by the company and the maturity level of the actions aimed at compliance with the Regulation (GDPR). The audit uses a structured checklist, inspection of infrastructure and facilities, an audit of supporting documentation, and interviews with the responsible persons and employees.
Following the audits, a report is generated with the methodology and findings, a visualization of the compliance maturity of the actions per area of the Regulation, as well as some guidelines regarding their evaluation.