I think this is the equivalent of, but not identical to, section 5(1) (b) of DPA 1998 and applies to processing of Greek data in Greece by a company which operates in, and may even have an office in, Greece but where the company is not established, i.e. legally registered, in Greece - say a Thomson holiday reps office having dealings with Greeks? In your scenario I don't think the Greeks would intend Greek law to apply. Alasdair Warwood -----Original Message----- From: This list is for those interested in Data Protection issues [mailto:[log in to unmask]]On Behalf Of Trevor Chew Sent: 01 December 2004 10:53 To: [log in to unmask] Subject: Greek Data Protection Law Has anyone come across this one before in connection with Greek DP Law? Imagine a Greek citizen who normally lives in Greece but has a holiday home in the UK. Whilst in the UK, this person does some business with a UK Data Controller who processes some personal data about the Greek citizen. Below is a translation of the Greek DPA. Section 3b appears to put Greek DPA obligations on UK data controllers (and other EU data controllers as well). Is this not at odds with the EU DP Directive (Article 4) which defines how national DP law should apply? 3. The present law shall apply to any processing of personal data, provided that such processing is carried out: a) by a Controller or a Processor established in Greek Territory or in a place where Greek law applies by virtue of public international law. b) by a Controller who is not established in Greek Territory or in a place where Greek law applies, when such processing refers to persons established in Greek Territory. In this case, the Controller must designate in writing, by a statement addressed to the Authority, a representative established in Greek territory, who will substitute the Controller to all the Controller's rights and duties, without prejudice to any liability the latter may be subject to. The same shall also apply when the Controller is subject to exterritoriality, immunity or any other reason inhibiting criminal prosecution. c) by a Controller who is not established in the territory of a member-state of the European Union but in a third country and who, for the purposes of processing personal data, makes use of equipment, automated or otherwise, situated on the Greek territory, unless such equipment is used only for purposes of transit through such territory. In this case, the Controller must designate in writing by a statement addressed to the Authority a representative established in Greek territory, who will substitute the Controller to all the Controller's rights and duties, without prejudice to any liability s/he may be subject to. The same shall also apply when the Controller is subject to exterritoriality, immunity or any other reason inhibiting criminal prosecution. Would anyone like to comment on whether they think this may just be a dodgy translation of Greek DP law, or if a UK data controller could indeed be bound by the Greek DPA in the above circumstances? -- ---------------------------------------------------------------------------- -- Halifax plc, Registered in England No. 2367076. Registered Office: Trinity Road, Halifax, West Yorkshire HX1 2RG. Regulated by the Financial Services Authority. Represents only the Halifax Financial Services Marketing Group for the purposes of advising on and selling life assurance, pensions and collective investment scheme business. =========================================================================== == ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ All archives of messages are stored permanently and are available to the world wide web community at large at http://www.jiscmail.ac.uk/lists/data-protection.html If you wish to leave this list please send the command leave data-protection to [log in to unmask] All user commands can be found at : - http://www.jiscmail.ac.uk/help/commandref.htm (all commands go to [log in to unmask] not the list please) ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^