Koumentakis

Tag: koumentakis and associates

  • Sociétés Anonymes: The new law

    Sociétés Anonymes: The new law

    The agreements of an SA with its main shareholders, the members of its BoD and with related parties: The correction of the “wrongly raised” issues

    The seriousness of the matter and how the new law on SAs deals with it

    The issue of the agreements signed between a Société Anonyme and its main shareholders, members of its Board of Directors and related parties is one of the most important issues that the new Law (Law 4548/2018) was required to deal with for Sociétés Anonyme.

     

    Our work with this particular issue

    This particular issue has already been addressed in the recent past (in the column “Business: Law and Practice” in the Sunday edition of the newspaper Makedonia on 18.11.2018), but also in a previous article on the blog of our law firm.

    In summary, in the above-mentioned article on the blog, among other things, we mentioned: “Based on the options of the new law it is NOT entitled to participate in the decision-making process in the Board of Directors and the General Assembly the member of the BoD or any shareholder, who derives interest (directly or indirectly) from the particular transaction. It is noteworthy that the final decision belongs to the General Assembly, which is convened on this issue at the request of 5% (only) of the share capital. Only the remaining shareholders – in practice, i.e. ONLY the (usually one) minority shareholder – can vote in this particular General Assembly”.

    This choice … is expected to lead to exactly the opposite effects to those that the Legislative Committee was looking at: The privilege of 5% minority shareholders to decide unilaterally on the matters relating to the company’s relations, for example, with the shareholder of the majority is expected to lead to abusive (and / or extortionist) behaviors.

    …Therefore, there is no doubt that there is a strong need to find a different solution. For example, to return to the former (safer and fairer) “regime” (article 23a of Law 2190/1920): Shareholders who derive interest from a contract are entitled to participate in the General Assembly that will provide the final approval, but the authorization to conclude it will be provided only if the 1/3 of the share capital represented in it does not oppose.

     

    The activation

    This issue was a matter of particular concern for a Body of our city (which, for reasons of modesty, has asked for its involvement not to be mentioned). We worked together to achieve the best solution. With our law firm’s letter dated 6.11.2018, we recommended the amendment of the critical provision (Article 100 (5)) of the new law.

    In the Body’s letter dated 13 November 2018, addressed to the competent ministers, there was asked for the pre-existing legislative provisions on non-listed companies to be reintroduced. It mentioned, among others:

    “It is therefore necessary to return to the previous regime (article 23a of Law 2190/1920) according to which the shareholders affected by the decision may take part in the General Meeting in question, but the authorization to conclude the contract will only be given if the 1/3 of the share capital represented in the General Assembly does not oppose

    In the context of the above, there is no doubt that there is an urgent need to restrict the provision for the application of Article 100 (5) of Law 4548/2018 to listed companies and to amend it as soon as possible as the new law comes into effect on 1.1.2019”.  

    The response of the political authorities

    We are accustomed to addressing to the “ears of those who will not listen” when we rush to the competent authorities for any issues – sometimes critical. In this case, however, the prementioned activation seems to have been completely effective. Through an amendment that has already been submitted to Parliament for voting, it is expected that paragraph 5 of article 100 4548/2018 be amended in the proposed direction.

     

    The Explanatory Memorandum for the amendment of article 100 of Law 4548/2018

    This explanatory memorandum verbatim states:

    “7.   With paragraph 7, paragraph 5 of Article 100 of Law 4548/2018 is amended in order to alleviate the consequences of the full ban to vote for the shareholder who will participate in the General Assembly that will provide the authorization in order for the company to conclude a transaction with a related party, should (this shareholder) be this related party. While Directive 2017/828 provides that in this case the shareholder does not have the right to vote, thus, it allows the provision of interim solutions if the interests of the minority are protected. Given that the abstraction of the vote applies, in accordance with the Directive, only to listed companies, it is appropriate not to apply the prohibition to non-listed companies, while for those listed there is an intermediate system where voting rights are preserved in the assembly provided that the independent members of the BoD have reached a majority agreement on the granting of the authorization. It is added that in every case (both listed and non-listed companies), the minority of 1/3 of the capital represented in the meeting has the right of veto to the granting of the authorization, as provided for in Article 23a (3) of Law 2190/1920. It should be kept in mind that according to par. 4 of article 100 of law 4548/2018, if, prior to the general assembly’s decision, the transaction has already been concluded, a minority of 1/20 has the right of a veto”.

     

    The introduced amendment and the amendment to the disputed (problematic) provision

    The introduced amendment verbatim states:

    “7.   At the end of paragraph 5 of Article 100, paragraphs are added as follows:

    “This does not apply (a) to companies with shares not listed on a regulated market and (b) to listed companies if the authorization of the Board of Directors pursuant to paragraph 1 was granted with the agreement of the majority of its non-listed members. In any event, the authorization by the general meeting is canceled if shareholders representing one third (1/3) of the capital represented in the meeting object to it”.

     

    The problem “with the potentially dramatic consequences”: NO longer exists

    The aforementioned activation (with the assistance of our Law Firm) proves to have had the desired effect: The problem “with the potentially dramatic consequences” (i.e. the 5% minority being a regulatory factor for critical decisions with the assumption that the company and shareholders will be involved in long-standing litigation) will not exist since the very beginning of the implementation of the new law.

    We can be both happy and proud.

    Congratulations, however, must be given to those who have decided to activate while refusing to submit to (the usual) practices of introversion.

    stavros-koumentakis

    Stavros Koumentakis
    Senior Partner

    Υ.Γ. A short version of this article has been published in MAKEDONIA Newspaper (December 30, 2018).

    ανώνυμες εταιρείες

  • GDPR: The Next Day. The Regulation in the context of employment

    GDPR: The Next Day. The Regulation in the context of employment

    [vc_row][vc_column][vc_column_text] The European Regulation “on the protection of natural persons with regard to the processing of personal data”, adopted on 27 April 2016, is directly and across the board applicable (throughout Europe) since 25.5.2018.

     

    Basic declarations

    It is a “convenient” myth that we (should) expect for the Greek legislation to decide on how we adapt. There is a draft law (its consultation was completed in March 2018), but it has not yet been adopted nor is necessary to be. The Regulation applies as is.

    It is accurate and not a (malicious) exaggeration that all businesses process personal data. Sometimes even “sensitive”: Like those of their employees. Thus, businesses need to adapt according to their strengths and (in particular) depending on the potential impact of the data leakage they process, that is, depending on the number and degree of “sensitivity” of the data.

    It is also accurate that the Regulation is not entirely clear on all points. However, we have been armed with the relevant interpretative tools. Such as, for example, the views of the Working Party of the 29-member Group of Member States’ Data Protection Authorities.

     

    The role of GDPR in employment relationships

    What is the role that GDPR plays in the relationship between the Employer and the Employee and which are the main obligations of a business?

    1. To train the Employees on the processing of third-party data it processes in the context of the provision of its services, in the wide sense of awareness and cultivation of new habits.
    2. To re-approach the employment contracts with the addition of the employee’s obligations with regard to the development of a new corporate culture. (Which is) The adaptation of a new modus operandi, as such is required as mandatory by the Regulation.
    3. First of all, to inform employees on the processing of their data. In particular: for the categories of their data to be collected, their retention time, the purpose and the legitimate basis for their processing, their possible transmission to other organizations (or other countries), and above all for their rights as identified in Articles 15 to 22 of the General Regulation.

     

    The consent

    It is thus very important to be noted that the employers are obligated to inform their employees on the processing of their personal data which are necessary, thus, not to obtain their consent. Such consent would be contrary to the spirit (objective) of the Regulation for the following two reasons:

    (a) Consent must be the “last resort” of a legitimate base for processing as it presupposes true freedom of choice and is revocable. It would be misleading make an employee think that if he/she does not give or withdraw his/her consent, it is possible for the employer not to ask for or delete the necessary personal data of his/hers: In fact, the labor and insurance legislation as well as the performance of the employment contract impose the processing of specific personal data of the employee.

    (b) Consent must be given freely. The relationship between the employee with the business is characterized by a certain imbalance of powers, leading to a “forced” and therefore to an illegal consent.

     

    GDPR is a cumbersome Regulation which, however, carries a significant gift: Extrusion into a change of mentality.

    Petrini Naidou
    Senior Associate

    P.S. This article has been published in Greek in MAKEDONIA Newspaper (December 23, 2018)

  • Cyber Attacks And The Role Of The Legal Advisor

    Cyber Attacks And The Role Of The Legal Advisor

    [vc_row][vc_column][vc_column_text] “There are only two types of companies: those that have been hacked, and those that will be”, said on 2012 the then FBI Director Robert Mueller.

    Despite the digitization of information and the use of electronic networks to deal with transactions and operations, it is obvious that most companies in Greece are not aware of the risks they face as well as their customers’ data from cyber-attacks.

    The legal consequences of data leakage due to cyber-attacks are always serious. On the one hand, the injured third parties are entitled to bring legal proceedings against the company for the leakage of their data while on the other hand, the competent authorities must impose the fines provided for by law.

     

    The Νetwork And Information Security Directive

    Most are now aware of the General Data Protection Regulation 2016/679 (also known as GDPR). Few, however, are aware of the Network and Information Security (2016/1148), which also had to be incorporated into the domestic law of the Member States in May 2018.

    With the above-mentioned legislation, the European Union strengthens its attitude towards corporate responsibility for failing to protect and secure data management. Both of these laws provide for unfavorable consequences for the company for data leakage.

     

    The Role of the Legal Advisor

    The duty of the Legal Advisor is to ensure the correct implementation of legislation and best practices, to mitigate the consequences of any breach and, in particular, to harmonize the entire company to comply with the Incident Response Plan, which every company must have. A Response Plan to Cyber- Attacks indicatively includes:

    • The composition of the crisis management team and when / how it is activated.
    • The heads of the action groups, and when / how they are alerted.
    • The person who decides (and the decision-making deadline) for the total shutdown of the company’s networks or the continuation as an attempt to identify the origin of the cyber-attack.
    • The documents that will document the time of cyber-awareness and the actions that have taken place.
    • The communications officer who (possibly) will handle the communicative part of the revelation.

    Your legal advisor knows what actions are required to make clear to the authorities that the company has done its best on both preventive and post-data leakage as well as to collect the appropriate evidence. The role of the legal advisor is also critical for the preparation of a report that will clearly and easily identify the causes of the leakage and the persons responsible for such.

    Also, the company’s legal advisor will identify the most likely sources of risk and will be able to negotiate the content of the proposed insurance contracts and eventually recommend the conclusion of the appropriate insurance coverage contract against cyber-attack.

    All the above actions of the legal advisor (internal policies, Response Plan, Insurance Coverage), but mainly the alignment of the company with everything that is provided to this respect, can only result in the increase of the trust of its clients and associates towards it.

     

    Lambros Timotheou
    Partner

     

    P.S. The article has been published in MAKEDONIA Newspaper (October 21, 2018)

     

  • The Newspaper MAKEDONIA Is Back With Us

    The Newspaper MAKEDONIA Is Back With Us

    [vc_row][vc_column][vc_column_text] The historical newspaper MAKEDONIA is again since the 9th of September in kiosks and in Koumentakis & Associates Law Firm we feel very happy to support its success as Legal Advisors.

    With the comprehensive legal support of Koumentakis & Associates Law Firm, the historical newspaper of Thessaloniki (and Northern Greece) is back in the kiosks, while its online version www.makthes.gr has been already … released (since 3 September). As Stavros Koumentakis, Senior Partner, characteristically said, “The dream came true. Thanks to innovative partnerships, innovative planning and tireless efforts. In “Koumentakis & Associates” we feel a special honor that the participants have trusted us with the legal dimension of the whole project and, above all, we are proud that we have provided our small contribution to the realization of the dream. Wishing “BEST OF LUCK”, let’s enjoy the amazing journey together …”.

     

    The project

    εφημεριδα μακεδονια ιστορικη αξιοπιστη

    The efforts to re-issue the newspaper MAKEDONIA began almost immediately after its suspension. A team of 24 employees with vision and plan moved quickly. They decided that there was a need for a scheme that would not be based on self-managed practices or on classic investment. The ideal scheme would make the most of the employees of “MAKEDONIKI” but would be financed by businessmen.

    Employees ensured the right to use the titles of the two newspapers in Thessaloniki in exchange for a portion of the accrued that the company owed to its employees. They then created a Social Cooperative Enterprise (SCE) and finally sought funding. In order to re-issue the newspaper MAKEDONIA, it was necessary to engage with entrepreneurs doing business in the area of ​​Northern Greece. In the context of building this partnership, a fully-fledged business plan was created that guarantees the viability and prospect of the venture. It is worth noting that the profits of SCE will be distributed in the following way: 33% for employees, 33% for reinvestment for development activities in the same context (e.g. publication of pullouts) and 33% as a reserve for further growth.

     

    The Stakeholders

    “None of the twenty entrepreneurs involved in the project expect profit or other economic benefits. The multiplicity of the project combined with the quality of the entrepreneurs and the journalists involved in it guarantee the validity of the information” says Vassilis Takas, industrialist and chairman of the new publishing company’s Board of Directors.

    Such an innovative publishing model requires an overcoming of the rigidities of the past. “We want to overcome the old stereotypes about “bad bosses”. Entrepreneurs, for their part, have to avoid a speculative logic and stop fearing of the wage costs”, says Michalis Alexandridis, publisher and director of the publishing project. “I think that we are all in the same vein, and that, will benefit the city and the media. We are all committed to abstain from practices that have been established and still plague the country, such as nepotism, bribery and corruption. We believe that the new media will respect their heavy names, their history and their ties with the Thessalonians and the Northern Greeks in general”.

    The 11-member board of the company that will issue the newspaper MAKEDONIA and will be responsible for the operation of makthes.gr was formed as follows: Vassilis Takas President. Michalis Alexandridis executive vice president – publisher – publishing director. Hasdai Kapon vice president. Leonidas Fakas Vice-President. Panagiotis Alexandridis Managing Director. Members: Yiannis Masoutis President of the Chamber of Commerce and Industry of Thessaloniki (TCCI). Thanasis Savvakis President of the Federation of Industries of Northern Greece. George Konstantopoulos, President of Exporters’ Association of Northern Greece. Giorgos Bikas President of Imathia Chamber of Commerce. Panayiotis Menexopoulos Secretary General of the Chamber of Commerce and Industry of Thessaloniki (TCCI). Stavros Koumentakis lawyer – legal advisor of the company.

    Statement by Stavros Koumentakis In the Newspaper

    δηλωση σταυρου κουμεντακη στην εφημερίδα μακεδονια

    “From early on I believed in the project of re-publishing the historical newspaper of our city, and that not for emotional reasons. The certain needs of our city, the breadth of the shareholders structure, the severity of the investors-shareholders, the inability to promote personal or party strategies, the technocratic approach of the stakeholders and, above all, the brilliant journalistic group and its dynamics are the necessary, adequate and capable elements for success. We are happy about the first edition, confident of the result and proud to contribute aligned behind the press team, fulfilling a debt to the city. I take it for granted that also the Thessalonians will embrace the effort with equal fervor.”

    The Historical Newspaper MAKEDONIA

    The newspaper MAKEDONIA is the oldest political newspaper in Northern Greece. It was founded in 1911 (its first edition was published on July 10, 1911 – with the new calendar on July 23, 1911) by the publisher Konstantinos Velidis. After his death (1936) his son, John Vellidis, took over. After the death of the latter (1978), his wife, Anna Vellidi, took over and from 1980 her daughter Katerina Vellidi. In the summer of 1996, the newspaper was closed down because of indebtedness, to be then re-released in early 1998 by its new owner, businessman Yannis Raptopoulos. The newspaper suspended its issue in October 2017 and was re-released on September 9, 2018.

    In the head of the newspaper, succeeding Konstantinos Dimadis, a historical figure for the family of journalists, who served as editor-in-chief and director of the newspaper for 62 years (1931 to 1993), were also the journalists, Nikos Vourgountzis, Giannis Nikolopoulos, Lazaros Chatzinakos, and many others . Dimitris Chourmousios, Dimitris Psathas, Kostis Palamas, Stratis Myrivilis, Georgios Vafopoulos, Archelaos and others were among the newspaper’s associates in the past.

    The leads of the newspaper include the introduction of an early form of monotonic system, many years before its establishment as the official written usage of the Greek language as well as the fact that it was the first Greek newspaper to be published online. [/vc_column_text][/vc_column][/vc_row][vc_row][vc_column][vc_text_separator title=”Gallery” border_width=”3″][/vc_column][/vc_row][vc_row][vc_column][vc_images_carousel images=”36012,36014,36010,36016″ img_size=”full” speed=”6000″ slides_per_view=”5″ hide_pagination_control=”yes”][/vc_column][/vc_row]

  • Voluntary Benefits In The Context Of Modern Labor Relations

    Voluntary Benefits In The Context Of Modern Labor Relations

    [vc_row][vc_column][vc_column_text]

    Voluntary Benefits: “What is, ultimately, in force?”

    The offer of benefits to an employee, in addition to the agreed salary

    (whether this is the statutory or higher than that), is a practice of several employers, which in the last years of the deep economic crisis tends to become an established practice.

    These benefits are classified as “voluntary” and may be a certain amount of money, a benefit in-kind (e.g. vouchers for supermarket purchases, food, meals during work) or even an expenditure on behalf of the employee (e.g. conclusion of a group insurance contract and payment of the premiums).

    As a result of this practice, the employee receives the salary agreed with the employer and in addition, actually, earns more “income” during the employment relationship, which is valued at the amount of the benefit offered. The fact that these benefits are paid in the course and because of the employment relationship, often gives rise to a confusion as to their nature and, in particular, to whether they can be characterized “salary” for the employee.

    The answer to this question is not simple and has repeatedly addressed the Greek courts at the highest level. However, it should be noted that this question has, even beyond the legal, also a business- and of course economical dimension, as for many entrepreneurs the adoption or not of such a choice, is a central question.

    An initial response to these questions is attempted here.

     

    Is it an Employer’s Right Or Obligation?

    In principal, the offer of these (voluntary) benefits takes place in the context of the exercise of the employer’s freedom to give to the employee “something extra” to the salary that has been contractually agreed upon. Thus, the employer (should) be able to discontinue the offer of each voluntary benefit at any time and without providing any reason while the employee cannot be able to raise a claim for the continuance of such offer.

    However, it is possible that the offer of a voluntary benefit become a business practice (custom) due to its continuous and long-term granting and to its acceptance by the employee, which results in a tacit agreement between the employer and the employee that the benefit is part of the latter’s salary. In this case, the employer is obliged to offer the benefit and can no longer stop granting it unilaterally.

    However, if the employer, at the beginning of the offer of a benefit, makes it clear to the employee (e.g. in the employment contract) that he reserves his right to discontinue its grant at any time, without justification and without the agreement of the worker, thereby formulating the so-called “reservation of liberty”, it cannot – in any event – be considered that the benefit has a salary nature and therefore the employee will not be entitled to claim its payment.

     

    Employer’s “Reservation of Liberty” And “Withdrawal Clause”:
    The Distinction of the Legal (And also Economical) Consequences of Each

    The Arios Pagos (Supreme Court of Cassation) for the first time its decision with the no. 1174/2017 separated the concept of the “reservation of liberty” from that of the “withdrawal clause” which the employer may enter at the beginning of the granting of a voluntary benefit.

    In the case of the “withdrawal clause”, the employer may discontinue the benefit by exercising the right to withdraw by a unilateral declaration addressed to the employee. As a result, both the “reservation of liberty” and the “withdrawal clause” allow the employer to unilaterally discontinue the offer of the benefit.

    There is, however, a substantial difference between them: Entering a “reservation of liberty” rules out the creation of a business practice (custom) and thus implicit contractual commitment of the employer to provide a benefit and the employee’s corresponding claim for its payment. On the other hand, entering a “withdrawal clause” does not function in the same way: the employee’s entitlement to the benefit is born thus the exercise of the right of withdrawal results in the loss of that claim for the future.

    As soon as the worker becomes entitled to the benefit, this amount should be taken into account for the purposes of determining both the severance allowance and also any other benefit of the employee provided by law and for the determination of which the amount of the salary paid is taken into consideration (indicatively: ad hoc bonusses). As the choice of one or other clause has direct financial consequences for the burden on the business, the particular value of this distinction is easily understood.

     

    dikhgoriko-grafeio-koumentakis-kai-synergates-law-firm-

    The Real Dimensions of Voluntary Benefits in Labor Relations

    More and more companies, burdened by the unreasonably diverse charges on business nowadays, seem to face voluntary benefits as a means of limiting their contractual obligations towards their employees and hence saving (or potentially saving) costs. The procedure followed is more or less common for both the current employees of the company and for those in recruitment: both are required to accept as a fixed remuneration a certain amount, which is however split down to the statutory minimum wage (which will be mentioned in the employment contract) and to the remaining amount that (explicitly or implicitly) will be offered to the employees as one of the above-mentioned types of voluntary benefit.

    On the one hand, the current employees agree to sign an amendment to their contract of employment, in which the reduction of their salary to the statutory minimum is recorded, while the ones in recruitment agree to sign a contract of employment accepting the statutory minimum salary as a conventional salary. Both categories of employees aim at more permanent compliance with the additional voluntary benefit, which will complement the amount of the agreed salary.

     

    Voluntary Benefits: Its Tax Treatment

    As far as taxation is concerned, the legislator does not deal with the voluntary benefits in a consistent way. In principle, the general taxing rule applies for their taxation, if their value exceeds € 300,00 per year. However, the sub-cases of how to determine their value, but also the explicit exceptions to the rule, are several (and related to the amount of benefits per category envisaged), so that the employee must search in which sub-case the benefit he receives is categorized in order to know if he will be taxed for this benefit. A typical example of this is the coupons for food (i.e. the widely used coupons for the supermarket), which are not taxed if they do not exceed € 6,00 per day, or € 120,00 per month.

    For the tax legislator, therefore, the legal characterization of the benefit is irrelevant, but the amount of the benefit is particularly important.

     

    By Way Of Conclusion

    The choice of companies to offer voluntary benefits under employment contracts (whether offered freely or freely withdrawn) is increasingly adopted in the context of a reasonable effort to derive a legitimate benefit or to reduce unfair costs. In any case, particular attention should be paid to the wording of the relevant provisions and clauses in order for the maximum benefit to be achieved and for the risk to be minimized.

    The contribution of the lawyer (and in this case) also legal advisor is particularly important.

    Evdokia Kornilaki
    Senior Associate

    [/vc_column_text][/vc_column][/vc_row]

  • Participation in SAMARAS & PARTNERS’ Workshop for GDPR

    Participation in SAMARAS & PARTNERS’ Workshop for GDPR

    [vc_row][vc_column][vc_column_text] KOUMENTAKIS & ASSOCIATES Law Firm was invited and participated in the workshop for GDPR organized by SAMARAS & PARTNERS, in which Mr. Constantinos Kornilakis, Partner of KOUMENTAKIS & ASSOCIATES, made a presentation entitled “Introduction to the institutional framework for the protection of personal data: Rights and Obligations”.

    The workshop, which has been a great success, was held at the Thessaloniki International Fair (TIF) with the support of the Exporters’ Association of Northern Greece and had the topic “The New European Regulation for the Protection of Personal Data (GDPR) and Useful Tools for Cyber Risk Insurance”.

    hmerida-samaras-for-gdpr-speakers-panelThe purpose of the workshop for GDPR was to inform companies on the requirements of Regulation 2016/679 (GDPR) and on the basic guidelines and actions that each company should take to comply with the Regulation. In addition, useful tools for cyber risk insurance were presented by AIG GREECE.

    Mr. Grigoris Tassios, President of the Panhellenic Federation of Hoteliers, and Mr. Kyriakos Loufakis, President of the Exporters’ Association of Northern Greece, welcomed the participants and contributed to raising awareness and concerns of the stakeholders and in this context, of the entrepreneurs, scientists and representatives of the organizations that attended the workshop. The event was dynamic, and the participants contributed in a constructive manner to the exchange of views and the promotion of fruitful dialogue.

    hmerida-samaras-for-gdpr-speaker-samaras

    The opening statements of the workshop for GDPR were:

    • “Introduction to the institutional framework for the protection of personal data: Rights and Obligations”, Constantinos Kornilakis, Partner of KOUMENTAKIS & ASSOCIATES
    • “Requirements – Harmonization Guidelines – Indicative Technical and Organizational Measures”, Christoforidis Giorgos, General Manager of SAMARAS & ASSOCIATES LTD
    • “Cyber Risks and Personal Data Leakage: The Last Line of Defense”, Kostas Voulgaris, Financial Lines & Casualty Manager of AIG HELLAS

    hmerida-samaras-for-gdpr-the-team

    [/vc_column_text][/vc_column][/vc_row]

  • Cyber Risk: The Role Of The Legal Advisor

    Cyber Risk: The Role Of The Legal Advisor

    [vc_row][vc_column][vc_column_text]

    Cyber Risk: Does It Concern Everyone Or Exclusively The “Elite” And “Famous People”?

    “Many people working in cybersecurity will tell you that it’s not a question of whether a company shall suffer a cyber-attack but of when it will suffer it in any form. Whether you have been cyberattacked and you have not been aware of it or you have been cyberattacked and you know it, or you will be cyberattacked sometime in the future”.

    This is Martin Felli’s statement (CLO of JDA Software, one of the world’s largest software companies for logistics companies) to Dominic Carman, who conducted a special survey for Kroll.

    What Felli says is in fact an explanation of the statement of former FBI Director Robert Mueller who had already since 2012, stated that: “There are only two types of companies: those who have been already hacked and those that will be hacked in the future”.

    Despite the continuous digitization of all kinds of information and the use of electronic networks to carry out all sorts of transactions and operations, it is more than obvious that most companies in Greece are not aware of the risks they run themselves as well as their customers’ data from of every kind and form of cyberattacks.

    But why should your legal advisor deal with this issue? Isn’t it a matter of IT?

    In order to attempt a satisfactory answer to this question, we must set our sights to the recent past …

     

    Τhe Disclosure Οf Loss Οr Leakage Οf Information Αnd Its Consequences-General.

    The demonstration – disclosure of a loss or leak of information of any nature (whether it is a customer’s personal data or business secrets) starts with admitting publicly this leak. Such public action can be made either to the general public or to a limited circle of persons and legal entities whose data has been lost or leaked due to the cyberattack.

    In either case (: admitting publicly or limitedly a cyberattack) the legal consequences are always serious. Third injured parties are entitled to bring proceedings against the company that has suffered a cyberattack while the competent authorities have to impose the fines provided by the existing institutional framework. The extent of the damages to be awarded and the fines to be imposed will always be directly proportional to the extent of the leakage and the severity of data lost or hucked.

    In both cases (: in the first one immediately, in the second on time) the inevitable publicity attracts media’s interest and causes, inevitably, a serious damage in the company’s prestige and reputation. This second consequence of a cyberattack is similarly severe (sometimes even more) than the legal consequences of such disclosure (lawsuits, administrative fines, criminal liability).

     

    “There Has Not Been A Thorough Investigation Of The Causes Of the Leak Of Information”: Yahoo Case

    Relatively recently (in 2016), Yahoo has revealed two separate incidents of data hacking by hackers who have gained access to data for a billion users (the number actually causes vertigo). The first incident occurred in 2014 and was initially kept secret. But when 2016 a second violation took place the company was forced to make a total disclosure.

    The shock to the business world of the United States was so great that a detail perhaps went unnoticed: The first to resign was Yahoo’s Head IT (: as expected) but the second was the Chief Legal Advisor. Why, though, this second resignation?

    The Special Commission appointed by the Yahoo Board to investigate leakage circumstances, both in 2016 and 2014, considered that the whole group of Yahoo’s Legal Advisers failed to investigate thoroughly the causes and circumstances of the breaches in 2014. Notwithstanding the fact that it also had the data and conditions to do so. This particular failure by the legal counsel team had as a first result that no substantive measure was taken, and that, as a final and yet dramatic (result) to allow the widespread violation of 2016.

    What was the duty that Yahoo’s Chief Legal Advisor omitted? What is the responsibility of the Legal Advisors of a company?

     

    The Changes Brought In The Global Business Environment By The EU Regulation GDPR And The NIS Directive

    In 2016 the European Union legislated two major legal instruments: the General Data Protection Regulation 2016/679 and the Network and Information Security Directive 2016 / 1148).

    Many people are already aware of the first of them (GDPR). However, the second is ignored, despite the fact that it must also be incorporated into the domestic law of the Member States from May 2018. Member States are obliged to identify by November 2018 the operators and service providers of basic services (who now have increased responsibility for maintaining high security measures).

    These laws will affect (more precisely: they already affect) directly and in one way or another all the companies that process Personal Data of European citizens. It is emphasized that they affect not only European companies but also non-European Union entities that process Union citizens’ data.

    In Europe (as in North America earlier in the past), something important is changing in relation to the assessment of the risks posed by electronic data processing. The attitude of the legislative and auditing authorities appears to be abrupt and significant. With the above-mentioned legislation, the European Union is spearheaded on the issue of corporate responsibility for failing to protect and securely process information that in one way or another is processed by the companies.

    Both laws, apart from all their other consequences and the multiple regulatory compliance parameters they create, are also adding further adverse consequences in the event of a cyberattack that may result in data leakage.

     

    The Role Of The Company’s Legal Advisor

    In this context of the rapid (but at the same time important) changes in business behaviors and practices brought by the current legislative trends, the role of the Legal Advisor of a company proves to be extensive and, at the same time, crucial.

    The Legal Advisor of a company, as the head of the team concerned, owes to design, supervise and test in advance an Incident Response Plan for the case of a cyberattack.

    Perhaps it seems strange that a lawyer and not the IT Manager is at the head of such an effort. However, only in this way can there be effective protection of the company’s interests against the consequences of a possible loss or leakage of data.

    In the technical part it is obvious (and self – evident) the assistance of the specialists who will identify the type of invasion, the exploitation weakness, the identification of the volume of data leaked, etc. However, the main concern of the Legal Advisor will not only be disclosing to the management and the responsible employees of the company, but also ensuring the best implementation of the laws and best practices, mitigating the consequences of any breach and, in particular, harmonizing all the departments of the company in the implementation of the Incident Response Plan.

    Your Legal Advisor (ought to) know those provisions (before cyberattack) and the actions required (after cyberattack and data leakage) to:

    • Make clear to the competent Audit and Judicial Authorities that the company has done the best on both preventive (before cyberattack) and post-data leakage.
    • Identify the causes of the leakage, the persons liable, the existence of willful deception or fault that contributed to the leakage of the information in a clear and understandable way (to non-experts).
    • Creating optimal conditions and evidence for seeking to punish perpetrators and / or those responsible for the attack before the competent authorities and bodies.
    • Manage the communication of the consequences of the disclosure of data loss / leakage due to cyberattack.

    The Legal Advisor of the company will identify the specific risks for each of his client companies according to their activity and their exposure to data processing (gap analysis). In cooperation with IT, the Legal Advisor will investigate possible cybercrime scenarios and prepare an Incident Response Plan that will be simple and comprehensible to all executives and departments of the company and, in particular, to a judge who may eventually deal with it later.

    To be clearly understood, let’s take a simple example: The lawyer who defends a client for medical negligence does not need to be a neurosurgeon. It is enough to be prepared to understand the philosophy and sequence of the protocol that his client ought to follow in order to respond to the disputed incident. The Legal Advisor of the company, having understood the technical issues with the valuable help of IT, will “translate” in a comprehensible manner the necessary actions and processes so that they are simple and easy to understand by both the Company’s Management and the employees and by third parties (auditing and judicial authorities).

    It is particularly notable that already in the US and Great Britain, the top law firms have developed their own Cyber Security Division to provide all the services required (legal and IT).

     

    The Issue Of Cyber-Security And Its Integration In The Company’s Regulatory Documents

    On the initiative of the Legal Advisor, the Cyber Security issue must be integrated in the company’s regulatory documents (Internal Working Rules, Internal Rules of Operation, Policies for Data Processing and / or Computer Management etc.).

    For illustrative purposes only it has to be noted that an Incident Response Plan should contain (indicatively – among others):

    • Who are the heads of the action groups, when and how they are alerted.
    • Who decides and within which time framework the (eventually) total shut down of the company’s networks or attempts to resume operations to identify the origin of the cyberattack.
    • Who is the external partner (who may) be involved in system monitoring.
    • What and of what nature are the written notices and reports that will be the proof of the time of awareness of the cyberattack and of the actions that took place.
    • Who is responsible for communication and PR (who may) have to manage the communication part of the disclosure.

     

    Does The Legal Advisor Have To Deal ALSO With The Insurance Against Civil Liability?

    In the same context, the Legal Advisor of the company will accurately identify the most likely sources of risk and will be able to choose the right insurance against civil liability plan in relation to cyberattack. This in contravention of the usual business practice, when the cheapest offer is chosen and the first text / draft insurance contract to be sent by the selected insurance company (which may cover on the one hand absolutely unnecessary risks while on the other hand not cover what is absolutely necessary).

     

    The Link Of The Company’s Good Repute With Its Protection

    All the above actions of the Legal Advisor (: existence of clear regulatory documents, policies, Incident Response Plan, Insurance Coverage etc.), but mainly the alignment of the company and of its executives with what is provided can only have the effect of increasing the trust of customers and collaborators towards it.

    Given that we all want to work with trusted partners, the (regional) benefits of the company are more than obvious: customers see that they are dealing with a serious business partner rather than a “little store”.

     

    Creating The Conditions To Prevent an “Internal” Cyber Attack

    Over the past few years, we have been facing business-secrets violations by (dissatisfied or not, active or retiring) company’s executives in the context of their long-term or opportunistic planning. Our case law has dealt with some individual cases, until now, where executives either wanted (simply) to harm their employer’s company or their personal enrichment or their transfer to a competitor-along with the business secrets of their previous employer.

    The protection of the company by its (malicious) executives, although not automatic or self-evident, is, to a very large extent, feasible, with significant leverage in the existing institutional framework and the Constitution. (http://koumentakislaw.gr/en/blog/articles/enterprises-and-confidentiality/)

    So, what happens when cyberattack comes “from the inside”, that is when the offender is an executive of the company? Is protection and deterrence possible? Is it possible (in the non-desired case) to detect the origin and identify the offenders so as to make an (internal) example of them and for (future) deterrence?

    The Legal Advisor is the one who must create the framework and the background of business secrets. It is precisely in this same context (in close co-operation with the IT section) that he must create the conditions to prevent an “internal cyberattack”, which could seriously damage the interests of the company he represents. He is the first to “raise” the alarm but also the one who should urge the company to establish appropriate policies and procedures for the safe use of the company’s networks, electronic communications, the control of access to the company’s systems and records by its executives.

    By Way Of Epilogue

    The resources available are always limited. The need for their rational management is more than obvious and (also) in relation to the maximum possible protection from Cyber Risk.

    If there is no rapid and thorough identification of the needs and potential risks for the particular company, it is likely that the company’s resources be “spent” in a way that will not be the optimal one.

    Your Legal Advisor can lead you to a more rational and efficient use of available resources and also take the responsibility for coordinating all stakeholders.

    Even if you do not choose to assign to him the specific projects, please just search for his assistance. You can be sure that the result will be infinitely better.

    Lambros Timotheou
    Partner

    [/vc_column_text][/vc_column][/vc_row]

  • Workshop On The Implementation Of GDPR In Tourism

    Workshop On The Implementation Of GDPR In Tourism

    [vc_row][vc_column][vc_column_text] Koumentakis & Associates Law Firm participated in the workshop organized by the Hoteliers Association of Rethymnon, entitled: “The application of the General Data Protection Regulation (GDPR) with emphasis on the tourism sector”.

     

    GDPR in Tourism

    The workshop aimed at the complete presentation of the Regulation on topics such as:

    • The new General Data Protection Regulation: Organization and preparation for full compliance with the new regulatory framework,
    • The Practical Implementation of the Regulation in the Tourism Sector,
    • Tools & solutions for the Security of Information Systems in compliance with GDPR,
    • The critical role of Data Protection Officer (DPO) Education and Certification (ISO 27001, ISMS)

     

    The Attorney-At-Law Konstantinos Kornilakis, Partner of Koumentakis & Associates who represented the firm, referred to the issue of personal data, the obligations and rights of employees and associates and the capabilities of companies to ensure Confidentiality (e-mail monitoring, retrieval of deleted correspondence, recording of data from the computers of the company, etc.). He also referred to the benefits of confidentiality, which are obvious to companies, their clients, their employees and their families, and to the entire industry in general.

    GDPR – General Data Protection Regulation

    The new “General Data Protection Regulation” (GDPR) for the processing and management of personal data in the Member States of the European Union is entered into MANDATORY force on 25 May 2018. The parties are now obliged to manage the information in accordance with the provisions of the Regulation, to take all necessary measures to maximize the security of data management and to be able to demonstrate that they have taken these measures with a credible level of internal preparation. The Regulation provides for specific management procedures and demands compliance by the parties, under severe sanctions.

     

    [/vc_column_text][/vc_column][/vc_row]

  • Companies And Confidentiality

    Companies And Confidentiality

    [vc_row][vc_column][vc_column_text]

    The Importance Οf Securing Confidentiality

    Every company faces a lot of challenges to become and remain healthy, but also to maintain the high standards it has possibly achieved in terms of operation, efficiency and profitability. Maintaining (and, more importantly, increasing) its market share in the geographic areas of its activity requires a series of obstacles to be overcome daily.

    Achieving and maintaining healthy entrepreneurship is always not only a requirement but also an everyday challenge. One of its prerequisites is to ensure that the information that the business identifies as confidential will be maintained as such and, among other things, will not diffuse into competition.

    In some, special cases, the obligation to preserve the confidentiality of the information that is handled by the company is imposed by the institutional framework (see below on personal data). In these cases, the consequences do not refer to the smooth operation and development of the company. The consequences may refer to indefinitely high fines and penal sanctions!

     

    Persons Liable For Confidentiality

    The obligation to preserve confidentiality is an obligation that everyone has. Without exception!

    As the worker or the company’s usher is not excluded the same way (obviously), the executives, the senior management, the CEO or even the main shareholder are not excluded. It is important, however, to stress that this obligation also includes any third party with whom confidential information is shared, e.g. a close associate or consultant of a business.

     

    Form And Way Of Notification Of Privileged Information

    The form of the information is of no importance for its protection: It may be documents, electronic files, even for oral information disseminated to a specific number of persons and pertaining to a particular company or group of companies.

    Additionally, the way of knowing the information covered by the confidentiality obligation is also meaningless. It may be information that (e.g.) an executive has become acquainted with while performing his/her duties at his workplace or even outside such (e.g. at the client’s premises). It may still be information about matters handled by the person responsible for such, colleagues, business associates or consultants of the company. Finally, there may be information on issues related even to customers of the latter.

     

    Privileged Information

    Information covered by the confidentiality obligation may refer to commercial know-how (commercial information: e.g. customer and supplier lists, cost accounting and price calculations, sales strategies, marketing methods, and so on) and / or technical know-how (expertise, technical information). They may relate to the methodology, procedures, planning, data, development and results of any business activity, process, research, product output or service provision. They may relate to procedures, policies, documents of auditing authorities related to the company. It may, in the end, concern any issue of importance for the company.

     

    Particularly, On Personal (Personal and Sensitive Information) Data

    Thus, some of the protected information may even be related to personal data – personal and sensitive information. This scenario adds more obligations for companies as provided by the current institutional framework (EU / 1995/46 Directive incorporated by Law 2472/1997) as well as by the new Regulation (EU / 2016/679) which will be implemented as of 25 May 2018 and beyond – regardless of whether or not the (expected) law which implements it be adopted.

    However, it is not only the additional obligations of companies that are being created by the existing and the new institutional frameworks with regard to personal and sensitive data but also, especially, the threatened sanctions in case of non-compliance and / or violation (for all these issues please refer to the relevant article “Personal Data Protection and Companies”)

    The Obligations Of Executives And Partners

    Contracts that associate all employees and external partners with a company (must) include provisions that restrict the use of information that come to their knowledge during and solely in the context of their cooperation with the company. And even more: (they ought to) regulate the obligations of employees and associates during the period after the expiration of their cooperation (e.g. return of forms, documents, notes, deletion or return of electronic files) as well as the sanctions for breach of their (contractual and post-contractual) obligations (usually high penalties – in addition to general claims for compensation).

     

    Particularly, Decision 1/2017 Of The Arios Pagos (Supreme Court of Cassation)

    This decision has been a landmark on the specific issue.

    By virtue of this decision, it has been accepted that constitutionally protected rights (including the rights of the employees) such as the confidentiality of letters and communication (article 19 of the Constitution), the inviolability of private and family life (article 9C) and the protection of personal data (article 9A C) be limited on the basis of the constitutionally guaranteed principle of proportionality (article 25C).

    Therefore, in the context of this decision, the right to legal protection (article 20 par. 1 C) and of the freedom to conduct business (articles 5 & 106 par. 2 C) of an employer / company could prevail over the abovementioned rights of the employees.

    However, what was, practically, the meaning of the limitation of the constitutionally guaranteed employees’ rights in the framework of this specific and of other similar cases?

    There has been recognized the Employer’s right (whose above-mentioned constitutional rights were deemed to prevail, in the particular case and under the particular circumstances) to:

    • Monitor the electronic (professional and personal) correspondence of its employees as it is imprinted on the computers and on the other means of its company
    • Draw the deleted mail from these computers that constitute its property
    • Record the data obtained from the computers of its company and, in particular,
    • Exercise its legal rights on the basis of data contained in the personal or professional correspondence of its employees which took place through the company’s computers even if they had been deleted in the meantime.

    There is no doubt that this decision is extremely important: The Company does not remain (legally) unprotected against malicious employees who, under the guise of their constitutionally protected rights, attempt to harm it for their own benefit.

     

    When Does The Confidentiality Obligation Recede?

    The confidentiality obligation recedes:

    • when the information to which it refers is public (and a priori) known
    • when there is an obligation to disclose this information arises from the existing institutional framework or is imposed by a competent authority or a competent court.

     

    Confidentiality Provisions In Business Level

    In business level, the provisions that refer to confidentiality are (or should be) normally contained:

    • in the employment contracts, in the service agreements, in work contracts etc. of the company
    • in the company’s Work Rules (where applicable)
    • in the Code of Ethics (or Code of Conduct) of the company
    • in the NDA’s of the company and its customers- clients τόσο της επιχείρησης όσο και των πελατών της (to the extent that the latter apply to the company and, in addition, to its employees)

     

    Confidentiality Provisions Contained Into Legislation – Generally

    In cases where (contrary to what is agreed or what the law requires) the person who breaches the confidentiality obligation causes damage, the person responsible is obliged to restore it in its entirety (losses and damages – article 914 of the Civil Code, moral damage – article 932 of the Civil Code)

    However, irrespective of the civil claims maintained by the injured person against the person responsible, there are a number of criminal provisions relating to the criminal offense of the offender [indicatively: article 370 of the Penal Code (violation of letters privacy), article 370A of the Penal Code (violation of the telephone conversation and oral conversation privacy) , article 370C of the Penal Code (illegal access to an information system) and the related provisions of articles 370B, 370D, 370E of the Penal Code]

    There are, of course, also provisions referring to specific issues arising from the breach of confidentiality, as (indicatively):

    There are, of course, also provisions referring to specific issues arising from the breach of confidentiality, as (indicatively):

    More Specific Provisions

    (a) With regard to personal data breach

    Whenever the confidentiality obligation breach is related to personal data breach, there are administrative, criminal and civil penalties directly or indirectly imposed (also) on the offender.

    On the basis of the existing institutional framework (Law 2472/1997) which is in force until 25.5.2018 – when Regulation 2016/679 –  http://koumentakislaw.gr/en/blog/articles/personal-data-protection-and-companies/ enters into force, there are provided specific administrative penalties (Article 21), criminal sanctions (Article 22) and also civil liability of the offender (Article 23).

    Regulation 2016/679, of course, provides for very serious administrative sanctions (Article 83) and for civil liability for those who violate personal data (Article 82). It is expected that the law currently being drafted will further specify said sanctions or even impose additional (e.g. criminal) for the offenders (Article 84).

    (b) With regard to unfair competition

    Where through confidentiality breach there is also violation of the provisions of unfair competition (Law 146/1914), both criminal penalties (Article 16 & 17) and civil sanctions (Article 18) are provided for.

    (c) With regard to Codes Of Ethics

    It is not unusual for the operation of certain business sectors to be governed by Codes of Ethics. In these Codes, we often encounter a number of provisions regarding the obligation to ensure confidential data as well as sanctions in case of breach. (Indicatively: Code of  Greek Pharmaceutical Conduct – provisions of articles 26-chapter A and 4 of chapter C)

     

    Penalties on Breach of Confidentiality: Legal, Business And Not Only …

    In general, in view of the above, one could say that the obligation to preserve confidentiality directly or indirectly is supported in almost the whole range of law (e.g. civil, criminal, administrative). More specific provisions of the existing institutional framework and of the contractual relationships that have arisen in the course of the negotiations, specify both this obligation and the many consequences of its breach.

    The penalties provided envisaged relate to offenders-natural persons and, sometimes, the directly or indirectly involved companies: those who did not do the appropriate to protect those affected as well as those who urged the offenders into their unlawful actions.

    Thus, the sanctions are not only legal:

    The persons who violate this obligation they also suffer the corresponding personal and professional demerit.

    However, in the case of companies where the offenders were employed, the consequences are sometimes unbearable: For how long can a company operate when data, personal data (or even worse sensitive personal data) of its customers are loaded into the Internet? For how long can a company operate when its critical business secrets (whether it’s recipes or clientele, or production or marketing methods or whatever) are diffused to its competitors?

     

    Necessity Of Compliance And Consequences Of Non-Application Of Confidentiality – The Role Of The Legal Advisor

    Storing and disseminating information (also at business level) is an element of everyday life-one that does not seem to be differentiated from vital, human, functions..

    Safeguarding the integrity and confidentiality of information, notwithstanding the avoidance of the aforementioned sanctions, ensures the existence of high professional standards (in particular) for the companies concerned. This fact, inevitably, is reflected in its existence and development, in its relations with its customers and suppliers. It is reflected into the shareholders, the employees, the associates and their families.

    There is no doubt that securing confidentiality is an obligation of all those who are directly or indirectly involved in operating a company. However, the responsibility of the legal advisor is a little more special as he/she has the burden of: (a) informing the parties involved; (b) creating a coherent grid of contractual and other regulations, dissuasive to be breached; and (c) managing the critical situation created in the case of violation of any kind of confidential information.

    It is also not of a minor importance that your Legal Advisor’s involvement in Cyber Risk issues is already covered by Directive 2016/1148 on Measures for a High Level of Network and Information Security for Networks across the Union ( Network and Information Security Directive 2016/1148 – also known as NIS) – but for this issue, there shall be a specialized screening and filing on the same site.

     

    The Challenge (By Way Of Conclusion)

    In any case, it is more than obvious that securing confidentiality is one of the challenges of today’s business. It is up to us, the directly and indirectly involved (us Legal Advisors in particular), to assist and respond positively to this challenge by providing our own small contribution to what everybody desires, that is to secure and develop healthy entrepreneurship.

    Koumentakis-and-Associates-Stavros-Koumentakis

    Stavros Koumentakis
    Senior Partner

    [/vc_column_text][/vc_column][/vc_row]

  • Workshop Of Creative Pharma Services for Confidentiality

    Workshop Of Creative Pharma Services for Confidentiality

    [vc_row][vc_column][vc_column_text] Koumentakis & Associates Law Firm was invited and participated in the annual training conference of Creative Pharma Services, with a presentation titled: “Companies and Confidentiality”.

    The presentation of Mr. Stavros Koumentakis gathered the high interest of nearly one hundred executives and associates of the company who participated, as, apart from the general context of the issue, Mr. Koumentakis also referred to the specific issues arising for the Pharmaceutical market.

     

    Obligation Of Confidentiality

    Mr. Stavros Koumentakis, Senior Partner of Koumentakis & Associates Law Firm started his address with a reference into the obligation of confidentiality for all information related to a company and its stakeholders, such as associates, clients and employees and he furtherly focused on the particular issues related to pharmaceutical industry, including any information related to studies and pharmacovigilance as well as products, designs, patents, documents on policies and procedures.

     

    Personal Data

    Mr. Koumentakis then referred to the issue of personal data, the obligations and rights of employees and associates, and the capabilities that companies have in order to ensure Confidentiality (e-mail monitoring, retrieving deleted mail, recording of data from the company’s computers, etc.).

    Confidentiality Regulations And Sanctions

    As Mr. Koumentakis stated, the legal framework for confidentiality regulations is quite comprehensive both in general (Civil Code and Penal Code), and in particular (Law 2472/1997, Law 144/1914, Greek Code of Ethics for Pharmacists), as well as at the level of a company (Employment Agreements, Labor Code, Code of Ethics, NDA’s), while the sanctions for a confidentiality breach are Civil Penalties (two times the annual remuneration,  compensation for any damage), Penal sanctions (custodial sentences, financial penalties) and Professional penalties.

     

    The Benefits Of Confidentiality

    In conclusion, Mr. Koumentakis, noted that the issue is NOT, mainly legal, and that the benefits of securing confidentiality are obvious to the company, its clients, its employees and their families. Since, on the one hand, the company believes in its partners and trust in them, and on the other hand the partners confirm the high levels of professionalism with respectful confidentiality, this is a factor of growth and prosperity. “Regardless of sanctions, it is necessary to align the philosophy of the stakeholders and maintain high professional standards”.

    Koumentakis & Associates Law Firm was represented in the conference by Konstantinos Kornilakis, Partner and by Petrini Naidou, Senior Associate.

    [/vc_column_text][/vc_column][/vc_row]

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.