Data & Privacy · Greece
Data protection & GDPR compliance in Greece (2026)
Greece shaded by its data & privacy status
Data protection in Greece: comprehensive law, under EU GDPR (Regulation 2016/679) directly applicable + Greek Law 4624/2019 (national supplement, in force 29 August 2019) + Law 3471/2006 (ePrivacy Directive implementation); supervised by the Hellenic Data Protection Authority (HDPA).
Greece operates under the EU GDPR as directly applicable law, supplemented by national Law 4624/2019 which exercises GDPR derogations for employee data, sensitive categories, and sectoral rules for health, insurance, and media. The Hellenic Data Protection Authority (HDPA) is the independent supervisory authority, maintaining an active enforcement record with significant fines against public bodies, telecoms, and private controllers. The ePrivacy Directive is transposed via Law 3471/2006 governing electronic communications privacy and unsolicited marketing.
GDPR & data protection in Greece
In Greece, data protection is governed by the EU General Data Protection Regulation (GDPR), which applies directly and is enforced by the Hellenic Data Protection Authority (HDPA).
- Framework
- the GDPR (Regulation (EU) 2016/679) plus the national data-protection act
- Supervisory authority
- the Hellenic Data Protection Authority (HDPA)
- Applies to
- any organisation processing the personal data of people in Greece, wherever the organisation is based
- Maximum fine
- €20 million or 4% of global annual turnover, whichever is higher
- Breach notification
- within 72 hours of becoming aware, to the supervisory authority
- DPO
- required for large-scale monitoring or large-scale special-category processing
The GDPR is bloc-wide; Greece supplements it with a national data-protection act and its own supervisory authority.
GDPR in Greece: FAQ
Yes. As an EU/EEA member, Greece applies the GDPR (Regulation (EU) 2016/679) directly, enforced by the Hellenic Data Protection Authority (HDPA).
The Hellenic Data Protection Authority (HDPA).
Up to €20 million or 4% of global annual turnover, whichever is higher.
A DPO is required where you carry out large-scale monitoring or process special-category data at scale.
Personal-data breaches must be notified to the supervisory authority within 72 hours of becoming aware.
Key points
The EU GDPR (Regulation 2016/679) applies directly. Law 4624/2019, in force from 29 August 2019, supplements the GDPR and also implements Directive 2016/680 on law-enforcement data processing. Law 2472/1997 was largely repealed upon GDPR application.
Law 4624/2019 sets the digital consent age at 15 (GDPR default is 16), establishes specific employee data processing rules, and creates sectoral provisions for health, insurance, and media. The HDPA itself raised compatibility concerns with the GDPR in its Opinion 1/2020.
The Hellenic Data Protection Authority (HDPA / Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα) is the independent national DPA. It holds full GDPR Article 58 powers: investigations, corrective orders, bans on processing, and administrative fines up to the GDPR statutory maxima.
Law 3471/2006 transposes the ePrivacy Directive (2002/58/EC) and governs privacy in electronic communications including unsolicited direct marketing (spam/SMS). Violations carry fines up to €150,000 per infringement under this law, enforced by the HDPA.
The HDPA fined the Greek Ministry of Interior €400,000 for unsolicited political emails, the National Bank of Greece €200,000 for systematically delayed Article 15 access responses, and Vodafone €350,000 for GDPR Article 28 violations plus €150,000 under Law 3471/2006. The HDPA also opened an ex officio investigation into the DeepSeek AI application.
The HDPA is participating in the EDPB's 2026 Coordinated Enforcement Framework (CEF) action, assessing controllers' compliance with GDPR transparency and right-to-information obligations under Articles 13-14 across 25 EU/EEA supervisory authorities.
Greece - other topics
Data & Privacy in other countries
Last verified 5/24/2026 · Orientation, not legal advice - verify against the primary sources linked above. Methodology & how to cite · Explore the full world map →