The European Union's General Data Protection Regulation (GDPR), in force as of 25 May 2018 in all European Union countries, protects fundamental rights and freedoms of individuals.
It is designed to allow individuals to have more control over their personal data and imposes new obligations on organizations that collect, manage or analyze such data. In Greece, the competent supervisory authority is the Hellenic Data Protection Authority
Personal data is defined as all the information that characterizes a natural person, namely Name, occupation, marital status, age, home address, e-mail address, bank account details, computer IP address. In addition, sensitive personal data is defined as: medical history (diagnoses, prescriptions, referrals, results of laboratory and imaging tests), racial or ethnic origin, political views and religious beliefs, information about sex life and orientation, and criminal prosecution or convictions.
Data processing is defined as any act performed with or without the use of automated electronic means, on personal and sensitive personal data. Therefore, the collection, organization, storage, customization, use, dissemination and deletion of data is considered data processing.
Based on the GDPR, all natural persons, the "subjects" to whom the data belong, have full management rights of their personal data, with the most important being:
- easy access and reception of all data (portability),
- request error correction,
- oppose their processing,
- ability to request the deletion of their personal data (right to be forgotten).
In addition, all organizations, companies and freelancers should implement policies and procedures by which they:
- obtain consent for the collection and processing of personal data,
- provide clear notification for the collection and processing of personal data,
- describe the reasons and cases for processing personal data,
- keep records that provide detailed information on data processing processes,
- protect personal data by taking appropriate security measures within and in the context of their communications with third parties,
- define the policies for storing, maintaining, securely storing and deleting data that they have in their possession, in printed and electronic form,
- notify the authorities and interested parties within 72 hours of personal data breaches.
Personal data collected by the members of the Association "Hellenic section of AIACE":
- are collected only through the application for registration of new members,
- are stored in the register of members provided by the statutes of the Association,
- are used only to inform members about activities and events of the Association according to the statutes,
- are kept only until the final deletion of the member from the Association according to the statutes,
- are accessible only by the members of the Board of Directors in the context of the activities of the Association.
Regarding their personal data, members of the Association have the right to:
- know what such data the Association keeps and how it processes it,
- request their correction or update,
- request the restriction of their processing if this does not imply the deletion from the Association,
- file a complaint with the Hellenic Data Protection Authority, if they consider that they and their rights are being in any way infringed upon.
Communication concerning the exercise of the above rights can be done by sending an e-mail to the address: [email protected]
(for the attention of the person in charge of personal data protection).