Greece has introduced stringent criminal penalties for violations of the General Data Protection Regulation (GDPR), with sentences reaching up to 20 years. The new regulations specify criminal sanctions for six primary offences:

  1. Unauthorized Data Processing: This includes unauthorized access, copying, deletion, or transmission of data: Penalty: Up to one year in prison.
  2. Breach of Confidentiality by Data Protection Officers (DPOs): This occurs when DPOs breach their duty of confidentiality to obtain benefits or to cause harm: Penalty: Up to one year in prison.
  3. Unauthorized Data Processing with Subsequent Unauthorized Transmission: This infringement involves processing data without authorization and then transmitting it to other unauthorized parties: Penalty: Up to five years in prison.
  4. Unauthorized Processing of Sensitive Data: Involves handling sensitive personal data without authorization: Penalty: One to five years in prison and a fine of up to 100,000 EUR.
  5. Unauthorized Data Processing for Profit or Harm Involving Significant Sums: This refers to unauthorized data handling intended to generate profit or cause harm, involving amounts greater than 120,000 EUR: Penalty: Five to ten years in prison.
  6. Unauthorized Data Processing Affecting National Functions: This includes unauthorized data processing that impacts the functioning of the Greek state or national security: Penalty: Five to twenty years in prison and a fine of up to 300,000 EUR.

These measures reflect Greece’s commitment to enforcing GDPR compliance and protecting personal data.