GDPR

Sensitive are the personal data of a person referring to his racial or ethnic origins, his political views, his religious or philosophical beliefs, his involvement in a trade union, his health, his social welfare, his erotic life, his criminal prosecutions and convictions, as well as to his participation in persons related to such unions. Sensitive data are protected by the law with stricter regulations than simple personal data.

Regulation 2016/679 of the European Parliament and of the Council of the European Union concerns the protection of Personal Data of natural persons and is known as the General Data Protection Regulation (or GDPR - General Data Protection Regulation). It was passed in April 2016 and replaces the directive 95/46/EK, which was incorporated in the Greek legislation with Law 2472/1997. Its implementation date is set for May 25, 2018 and is binding on all EU member states.

The regulation affects you if:

1. Your company is based in the EU and processes personal data, regardless of exactly where the data is processed.

or

2. Your company is based outside the EU but processes Personal Data of individuals located within the EU.

According to Article 4 (1) of the General Data Protection Regulation, Personal Data: "any information concerning an identified or identifiable natural person ("data subject"); the identifiable natural person is one whose identity can be verified, directly or indirectly, in particular by reference to an identity element, such as name, identity number, location data, online identity or one or more factors specific to physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person".

There are also special categories of personal data (sensitive personal data) which are "Personal Data that reveals racial or ethnic origin, political views, religious or philosophical beliefs or trade union affiliation, and genetic data, biometric data, data relating to the health, sex life or sexual orientation of a natural person, and data relating to criminal convictions and offenses".

Data processing in accordance with Article 4 (2) is: "any operation or series of operations carried out with or without the use of automated means, in personal data or in personal data sets, such as the collection, registration, the structure, storage, adaptation or alteration, retrieval, search for information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction."