Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act
Greece Law 4624/2019 (Government Gazette FEK A 137 of 29 August 2019) is the Greek national supplement to the EU GDPR (Regulation (EU) 2016/679) + the implementing statute for the EU Law Enforcement Data Protection Directive (Directive (EU) 2016/680, 'LEDP'). KEY STRUCTURE: 5 Chapters - (A) General Provisions; (B) HDPA (Hellenic Data Protection Authority); (C) GDPR Implementation Provisions; (D) LEDP Implementation Provisions; (E) Sanctions + Final Provisions. KEY GREEK-SPECIFIC PROVISIONS: (a) CHILD AGE OF CONSENT - 15 years old for information society services (below the GDPR 16 default; Greece used the GDPR Art. 8 derogation); (b) PROCESSING OF EMPLOYEE PERSONAL DATA - specific rules for employment context including background-checks + monitoring + biometric + health data + termination; (c) PROCESSING FOR ARCHIVING + RESEARCH + STATISTICAL PURPOSES - specific Greek rules under GDPR Art. 89; (d) PROCESSING FOR JOURNALISTIC + ACADEMIC + ARTISTIC + LITERARY purposes - freedom-of-expression exemptions per GDPR Art. 85; (e) HDPA POWERS + STRUCTURE + PROCEDURES + SANCTIONS - administrative + criminal penalties; (f) PUBLIC SECTOR + PUBLIC INTEREST PROCESSING - lawful basis under GDPR Art. 6(1)(e); (g) DATA PROTECTION OFFICER (DPO) DESIGNATION CRITERIA; (h) UNIQUE IDENTIFICATION NUMBERS PROCESSING RESTRICTIONS (Greek-specific protection of Greek tax/AMKA/social security IDs). HDPA (Hellenic Data Protection Authority - Arhi Prostasias Dedomenon Prosopikou Charaktira) is the supervisory authority + independent constitutional body. Established by Law 2472/1997 (predecessor) + 9-member Board appointed by Greek Parliament + administers GDPR + LEDP + sectoral laws + collaborates with EDPB + EDPS + other EU DPAs. COORDINATION: (a) GREEK CONSTITUTION Article 9A (right to privacy + personal data protection); (b) EU GDPR + LEDP + ePrivacy Directive (Law 3471/2006 implementing Directive 2002/58/EC); (c) Greek Whistleblower Law 4990/2022 transposing EU Directive 2019/1937; (d) Greek Cybersecurity Authority NCSA (Law 4577/2018 transposing NIS1; NIS2 transposition pending); (e) Greek Labor Code + employee privacy protections; (f) Sectoral laws (banking + telecom + healthcare). 2024-2025 PIPELINE: NIS2 transposition (deadline October 2024) + Greek DORA implementation (digital operational resilience for financial entities) + EU AI Act transposition + EU Data Act + EU Data Governance Act implementation + HDPA enforcement actions + ongoing amendments + EU Whistleblower Law 4990/2022 enforcement.
Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (7)
Greece Law 4624/2019: 2024-2025 Pipeline, NIS2 + DORA + AI Act + Data Act + EDPB Coordination + EU Adequacy
| Code | Title |
|---|---|
| GR-DPA-2024-2025-Pipeline-NIS2-DORA-AIAct-DataAct | Greece Law 4624/2019 2024-2025 Pipeline - NIS2 + DORA + AI Act + Data Act + EDPB Coordination |
| GR-DPA-Implementation-Roles-DPO-Sectoral | Greece Law 4624/2019 Implementation Roadmap, Organizational Roles, DPO and Sectoral Application |
| GR-DPA-Sectoral-Banking-Telecom-Healthcare-PublicSector | Greece Law 4624/2019 Sectoral Application: Banking, Telecoms, Healthcare, Public Sector, Insurance |
| GR-DPA-Status-HDPA-Enforcement-Adequacy-EuropeanGovernance | Greece Law 4624/2019 Status, HDPA Enforcement, EU Adequacy and 2025+ European Governance |
Greece Law 4624/2019: Chapter A - General Provisions, Scope, Greek-Specific Lawful Bases
| Code | Title |
|---|---|
| GR-DPA-ChapterA-Scope-LawfulBasis-Defs | Greece Law 4624/2019 Chapter A - General Provisions, Scope, Definitions and Greek-Specific Lawful Bases |
Greece Law 4624/2019: Chapter B - Hellenic Data Protection Authority (HDPA) Structure, Powers and Procedures
| Code | Title |
|---|---|
| GR-DPA-ChapterB-HDPA-Structure-Powers | Greece Law 4624/2019 Chapter B - Hellenic Data Protection Authority (HDPA) Structure, Powers and Procedures |
Greece Law 4624/2019: Chapter C - GDPR Implementation Provisions (Sensitive Data, Employee, Children Age 15, Special Processing)
| Code | Title |
|---|---|
| GR-DPA-ChapterC-GDPR-Implementation-Employee-Children-Special | Greece Law 4624/2019 Chapter C - GDPR Implementation Provisions (Children Age 15, Employee Data, Special Processing) |
| GR-DPA-DataSubjectRights-Breach-DPIA-Transfers-Children | Greece Law 4624/2019 Data Subject Rights, Breach Notification, DPIA, International Transfers and Children's Data |
Greece Law 4624/2019: Chapter D - LEDP Implementation (Directive (EU) 2016/680 for Law Enforcement)
| Code | Title |
|---|---|
| GR-DPA-ChapterD-LEDP-LawEnforcement | Greece Law 4624/2019 Chapter D - LEDP Implementation (Directive (EU) 2016/680 for Law Enforcement) |
Greece Law 4624/2019: Chapter E - Administrative Sanctions, Criminal Offences, Civil Liability
| Code | Title |
|---|---|
| GR-DPA-ChapterE-Sanctions-Criminal-CivilLiability | Greece Law 4624/2019 Chapter E - Administrative Sanctions, Criminal Offences and Civil Liability |
Greece Law 4624/2019: Coordination with Greek Constitution Art. 9A, ePrivacy Law 3471/2006, NIS2, Whistleblower Law 4990/2022
| Code | Title |
|---|---|
| GR-DPA-Coordination-Constitution-ePrivacy-NIS2-Whistleblower | Greece Law 4624/2019 Coordination with Greek Constitution Art. 9A, ePrivacy Law 3471/2006, NIS2, Whistleblower Law 4990/2022 |
| GR-DPA-Crosswalk-EU-Adjacent-MemberStates | Greece Law 4624/2019 Crosswalk to GDPR, LEDP, EU Adjacent Frameworks and Member State Implementations |
Frequently Asked Questions
What is Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act?
Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act is a compliance framework from Greece with 7 domains and 12 controls. Greece Law 4624/2019 (Government Gazette FEK A 137 of 29 August 2019) is the Greek national supplement to the EU GDPR (Regulation (EU) 2016/679) + the implementing statute for the EU Law Enforcement Data Protection Directive (Directive (EU) 2016/680, 'LEDP'). KEY STRUCTURE: 5 Chapters - (A) General Provisions; (B) HDPA (Hellenic Data Protection Authority); (C) GDPR Implementation Provisions; (D) LEDP Implementation Provisions; (E) Sanctions + Final Provisions. KEY GREEK-SPECIFIC PROVISIONS: (a) CHILD AGE OF CONSENT - 15 years old for information society services (below the GDPR 16 default; Greece used the GDPR Art. 8 derogation); (b) PROCESSING OF EMPLOYEE PERSONAL DATA - specific rules for employment context including background-checks + monitoring + biometric + health data + termination; (c) PROCESSING FOR ARCHIVING + RESEARCH + STATISTICAL PURPOSES - specific Greek rules under GDPR Art. 89; (d) PROCESSING FOR JOURNALISTIC + ACADEMIC + ARTISTIC + LITERARY purposes - freedom-of-expression exemptions per GDPR Art. 85; (e) HDPA POWERS + STRUCTURE + PROCEDURES + SANCTIONS - administrative + criminal penalties; (f) PUBLIC SECTOR + PUBLIC INTEREST PROCESSING - lawful basis under GDPR Art. 6(1)(e); (g) DATA PROTECTION OFFICER (DPO) DESIGNATION CRITERIA; (h) UNIQUE IDENTIFICATION NUMBERS PROCESSING RESTRICTIONS (Greek-specific protection of Greek tax/AMKA/social security IDs). HDPA (Hellenic Data Protection Authority - Arhi Prostasias Dedomenon Prosopikou Charaktira) is the supervisory authority + independent constitutional body. Established by Law 2472/1997 (predecessor) + 9-member Board appointed by Greek Parliament + administers GDPR + LEDP + sectoral laws + collaborates with EDPB + EDPS + other EU DPAs. COORDINATION: (a) GREEK CONSTITUTION Article 9A (right to privacy + personal data protection); (b) EU GDPR + LEDP + ePrivacy Directive (Law 3471/2006 implementing Directive 2002/58/EC); (c) Greek Whistleblower Law 4990/2022 transposing EU Directive 2019/1937; (d) Greek Cybersecurity Authority NCSA (Law 4577/2018 transposing NIS1; NIS2 transposition pending); (e) Greek Labor Code + employee privacy protections; (f) Sectoral laws (banking + telecom + healthcare). 2024-2025 PIPELINE: NIS2 transposition (deadline October 2024) + Greek DORA implementation (digital operational resilience for financial entities) + EU AI Act transposition + EU Data Act + EU Data Governance Act implementation + HDPA enforcement actions + ongoing amendments + EU Whistleblower Law 4990/2022 enforcement. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act have?
Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act has 12 controls organised across 7 domains. The largest domains are Greece Law 4624/2019: 2024-2025 Pipeline, NIS2 + DORA + AI Act + Data Act + EDPB Coordination + EU Adequacy (4 controls), Greece Law 4624/2019: Chapter C - GDPR Implementation Provisions (Sensitive Data, Employee, Children Age 15, Special Processing) (2 controls), Greece Law 4624/2019: Coordination with Greek Constitution Art. 9A, ePrivacy Law 3471/2006, NIS2, Whistleblower Law 4990/2022 (2 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act map to?
Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act does not currently have cross-framework mappings in our system. Check back as we continuously expand our mapping database.
How do I get started with Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act compliance?
Start your Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about Greece Law 4624/2019 - Hellenic Data Protection Authority (HDPA) Implementation Act requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 12 controls and track your progress.
Start Your Compliance Journey
Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 723 frameworks.
Get Started Free →Free forever — no credit card required