Koumentakis

Category: Articles

  • Personal Data Protection And Companies

    Personal Data Protection And Companies

    [vc_row][vc_column][vc_column_text] European requirement the enforcement for Personal Data Protection. New compliance rules (Regulation 2016/679)

     

    Preamble: What Does Non-Compliance Mean

    It is true that any new obligation created for a company burdens its operating costs. But could anyone suggest non-compliance with the obligations under this Regulation for Personal Data Protection?

    To this case we could not remain indifferent. European Regulation (2016/679) is in force without the need for ratification by the Greek legislator.

    Sanctions threatened? Unsustainable! Without going into the details of criminal sanctions, the maximum penalties (fines) amount to € 10.000.000 or € 20.000.000 and at a percentage of 2% or 4% respectively of the infringer’s worldwide turnover (if the above amounts are below the respective percentages on its worldwide turnover!)

    Things are NOT simple …

     

    The Existing Institutional Framework

    The need to protect individuals from the constantly evolving (due to the rapid developments in technology) exposure of their Personal Data and the creation of a secure modus operandi of the data processors is underlined by the European Regulation 679 of 27 April 2016, which shall be in full effect for all Member States (among which our country, of course) on 25.5.2018.  

    In accordance with Law 2472/1997 on the Protection of Individuals with regard to the Processing of Personal Data (and its revisions), the Greek legislator has incorporated the European Directive 95/46 / EC “On the protection of individuals with regard to the processing of personal data and the free movement of such data”.

    The key foundations for the Protection of Personal Data that had already been set twenty years ago referred to the identification of:

    (a) the basic concepts such as “record”, “data subject”, “simple data”, “sensitive data”, “controller”, “processor”

    (b) the rights of the Subjects of Processing (each of us)

    (c) the obligations of Personal Data Controllers (natural and legal persons, bodies and organizations with whom we are required to have transactions in our daily lives from our employer to the Register of a Taxation); and

    (d) the establishment of the Personal Data Protection Authority, which would then function independently, as a supervising body and as an institutional guarantor for verifying compliance with the European requirements.

    The Personal Data Protection Authority has been set up and operating since then, it undertakes vigorous action while its decisions have become a serious item in the agenda of not only the legal world bit also of the public opinion, as for example in the case of identifying religion in identities.

    The European Parliament chooses in this Regulation a more dynamic position than the previous Directive, since the former is a law of increased formal validity (it raises upward the laws of each member – state) and is (unlike the Directive) directly applicable horizontally (its incorporation by the national legislator is not required).

     

    The Tightening For The Protection Of Personal Data In The Context Of The European Regulation

    The Regulation strengthens the protection framework and in particular:

    (a) the Controller is required to choose the most secure, organizational and technical measures both at the time when the data collection and processing measures are defined and at the time of processing.

    The obligations of the Controller and the Processor expanded (: record-keeping – specifications – processing activities) and acquire specific responsibility to receive and be able to demonstrate that it has taken all necessary measures to ensure that processing is carried out in accordance with the Regulation.

    (b) The rights of the Subjects are enhanced, including: (i) the right of access, (ii) the right of correction (or completion) (iii) the right to be forgotten (conditionally, the right to erase data), (iv) the right to object (v) the portability of data.

    (c) It is specifically provided for cases of systematic, extensive and large-scale assessment of personal data or systematic monitoring on a large scale of public places, an obligation to carry out an impact assessment of potential risks and consequences for the rights and freedoms of individuals arising from the type, the framework, the scope and the purpose of processing.

    (d) the Controller is required to immediately inform the authority of any breach of the system security (within 72 hours as from the moment he becomes aware of such)

    (e) the Controller (in cases explicitly mentioned in the Regulation, indicatively large-scale processing of data and / or sensitive data) appoints a Data Protection Officer, an internal supervisor (employee or external partner) (such as a security technician) who will ensure compliance with the regulatory framework (in conjunction with any specific regulation, if any, envisaged by the national legislator in the scope of his discretion) and has direct contact, cooperation with and reporting obligation for any violation to the Personal Data Protection Authority.

    (f) There are provided considerably stricter sanctions than the existing administrative and criminal penalties, with fines of between € 10.000.000 or € 20.000.000, and a percentage of the company’s turnover, as the case and the offender may be (if that percentage exceeds the above amounts).

    A significant difference with the current legal framework is that no disclosure to the Authority is foreseen, rather than the availability of the material (: processing file) at the direct request of the Authority. However, each national legislator may specify his requirements and request for Disclosures or Licenses, especially in cases related to processing of sensitive personal data. In order to examine the possible adoption of legislative measures for the implementation of the Regulation, a Legislative Committee has been already set up (Government Gazette 1913 / 27.6.2016) whose work we expect to be completed before the implementation of the Regulation.

    It is imperative that each Controller reviews (with the appropriate collaborators) the security status of his technical systems and of its organizational structure so that he is ready to comply with the requirements of the Regulation.

     

    However, Is There, Any Time?

    As already mentioned, the date the new European Regulation comes into effect is 25.5.2018 – i.e. at first reading, we have enough time to act. Still, is that the case?

    Many factors are to be evaluated in order to provide the answer: “Okay, we have a lot of time”.

    The kind of business activity, compliance with the current institutional framework, the concentration (and / or handling) of sensitive, apart from simple, personal data, and so on.

    Let us not rush to answer that “we do not have sensitive personal data”. Do we ask for criminal records for some of our employees? Do we have a record of the health status of some of them? Do we have security cameras for the security of our company?

     

    Conclusion

    While we expect what (also) the national legislator will impose, the institutional framework for the protection of personal data has already become more complex. Threatened sanctions not only are significant but also, in fact, dramatically high.

    Preparing the company, most of the time, is neither easy nor quick.

    The need for more detailed information, a first assessment and for the first procedural steps, is present.

    Today!

     

    [/vc_column_text][/vc_column][/vc_row]

  • The Proper Legal Advisor

    The Proper Legal Advisor

    [vc_row][vc_column][vc_column_text] Legal Advisor, Attorney, Counsel. How many times have we all been wondering about who is the appropriate? Is it a question of remuneration (: cheap / expensive), promoted by the media (: unknown / famous), studies and experience, age or gender? And me, I’m neither from the Boston Legals nor member of the team of Suits. No such luck nor experiences! I managed to write a simple decalogue, which does not even refer to the level of fees … Who is the appropriate legal advisor and lawyer? Is it yours?

    1. Trust, Integrity, Prestige

    A constituent element of the client – lawyer relationship is trust. If we do not trust the (potential) lawyer, legal advisor, or if he does not trust you, I shall be dogmatic: We DOT not start a cooperation. But in the case that we have started the cooperation and we already see that mutual trust has been lost, we stop it DIRECTLY! We seek for another lawyer. A lawyer we can trust.

    But in order to trust our lawyer, he must have inspired us and still, unfailingly and continuously, inspire us with his integrity, credibility, seriousness and prestige. If, hopefully, he did not succeed with us, how will he succeed in court, clients and colleagues while defending our interests?

    2. Strategy And Details

    It is usually easy for any lawyer to deal with our affairs. But is that all we need? We must not forget that our legal advisor must develop a strategy for handling each case (small or large). And it is certain he will do well if he can be two steps ahead of others – not just one. But this strategy should be dynamic. At all times, and depending on the developments, its correctness should be assessed and, when necessary, revised. Caution! We are not only interested in the “forest”, we are also interested in the “trees”. No single case was won by strategy alone. It is necessary to look into the details that our counterparts and contractors have not identified. Our Attorney is the right person to deal with them-better not you!

    3. Knowledge And Experience

    No one would like to (and should not) choose an “illiterate” lawyer or someone (who thinks he) “knows everything”. An appropriate legal advisor is not only he who has the appropriate scientific knowledge and expertise, but also, he who has the courage to accept the limits of his abilities. And for the rest to refer (or he himself to address) to the experts. And if, hopefully, our lawyer, focusing on our pocket or to impress us, makes us believe that “he knows everything and that he can do anything” you should introduce him to me. Because I still believe that there is NO such a lawyer.

    4. Consistency, Judgement And Perception

    What is more attractive than the spiritual consistency and the satisfactory, at least, judgment and perception? Does anyone imagine a lawyer who not only is he not able to perceive those that happen but is also unable to decode them and use them in his client’s benefit? Does anyone imagine a lawyer without analytical and, at the same time, synthetic thinking? And more over: Does anyone imagine a lawyer whose speech (spoken or written) is not understood or attractive? We must not forget that every lawyer has listeners, judges or co-contractors before him. And if he cannot bring the interest of the listener or reader to what he himself supports or, worse, be understood in the formulation of his thoughts, he probably should not be our legal advisor.

    5. Negotiating capacity, Persuasion And Passion

    And if I take for granted the judgment and perception of the lawyer we have chosen, I should also take for granted his negotiating capacity in the defense of our affairs and interests. It is precisely in this capacity that our legal advisor must be able to convince the people he is dealing with on our behalf.

    But it is a prerequisite that he himself has been convinced. And more over: to defend us and our interests with passion. For if he is not convinced himself, and is confined to the simple, lukewarm, quote or reading of our argument, we must also assume that even the people he has before him will not be convinced.

    6. Qualitative And Quantitative Performance. Speed Of Response And Availability

    We cannot expect from our lawyer anything less than the best. The best in quality, the most in quantity and at the right (fastest) time. And that because, think of a lawyer who does his job extremely good thus without respect (or commitment) to procedural deadlines or to the client’s business needs. A lawyer that has been just today able to start working on the job he was assigned with a month ago. And to complete it, “God will provide” …

    And just to meet our needs, experience has shown that it is not possible for a lawyer to invoke or use a timetable, to divide the days into working and unparalleled, or to systematic lack, for whatever reason, availability and inability to communicate. Availability is required when and wherever needed!

    7. Efficiency

    We have all met competent people who, however, are unable to focus on the outcome and often to succeed getting one. And it is true that each interested person, by nature, always wants to win (whether he says it or not). However, it is important that our attorney focuses on the best result and does not leave “incomplete” his or her relative effort either by indolence or by indifference or for any other reason. It is important that our lawyer does not leave the case file aside before completing whatever is necessary and possible.

    8. Calmness And Sobriety

    When someone reaches the point of seeking the advice or assistance of his lawyer, it means that a matter of importance is of concern to him. Sometimes these issues prove to be complex and highly complicated. And some others, are reaching the point of crushing, with their consequences, those concerned. And here is the need for an appropriate legal advisor: not to share (client’s) panic attack (but eventually), to decode the data and put them in their true dimension, to propose the appropriate strategy, but also to implement it, to select and oversee the individual solutions.

    Crisis management (whether it refers to smaller or larger or / and really big crises) is, beyond any doubt, an almost daily necessity to which our legal advisor must successfully respond.

    9. Self-Confidence And Ability to Collaborate.

    We all know what a lack of self-confidence means. And if we refer to children, we can reasonably look forward to strengthening it over time. But if we meet the lack of confidence in our doctor or lawyer, can we have hope? It may be the case if, in order to strengthen it, he will appeal to willing and better than its own colleagues. But if such are not available or are already tired of him? If he tries to “cling” to our own thought and opinion to choose or strengthen his own? He’s probably not the appropriate lawyer.

    It also does not seem for our legal counsel to be the right person if he lacks team spirit and of the ability to co-operate with the useful and necessary persons, to recognize their assistance and contribution and the fact that he relies (to any extent) on those. If our lawyer needs a confirmation of his skills by concealing the necessity of collaborations and of his associates, we should probably start to doubt both his abilities and him.

    And something more: Our legal advisor should have leadership skills, he must be able to set up a team and manage it for the best result but also to “take upon himself” our case. But, in particular: to be in a position to remove the burden that our case, personally, and fair, creates.

    10. Does He “Lay Down A Part Of His Life” For Your Cases?

    And if we identified the appropriate lawyer who has “everything in the world” -and more and even more, there is one last question: Do we feel that our lawyer deals with our affairs, simply as a good professional or that, in addition, he lays down a part of his life for them? If the second ALSO happens I think we should not leave him.

    He is the one who will do what is humanly possible for us and for our interests, the one who will “turn night into day” and who will “upset everything” for us. It is he who is honestly happy with our joy and who does not “give up” in our dead ends. He is the one who will continue to fight until victory or up to the end. He is the one who deserves to be OUR LAWYER!!!

    So, is your lawyer the proper lawyer, legal advisor and counsel? I guess you have, already, concluded…

    [/vc_column_text][/vc_column][/vc_row]

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.