Trevor,

My understanding is that the Greek law (along with Belgium, Finland,
Ireland, the Netherlands, Portugal Sweden and the UK) all follow the first
rule of Art. 4 (95/46/EC) closely.

BUT, the Greeks have extended the provisions of Art. 4 and yes indeed, they
do expect non Greek data controllers to appoint a representative in Greece
if they process data concerning Greek residents!

Has anyone done this? Not to my knowledge.  Probably had a 'motor bike
accident' on the way to the office to register :-)

Rgds.


Duncan S Smith
Director
iCompli Limited   Northampton  UK
T: 08707 70 48 66  F: 08707 70 48 69  M: 07775 56 81 80
Mailto:[log in to unmask]   Web: www.icompli.co.uk
"Compliance in your language"






-----Original Message-----
From: This list is for those interested in Data Protection issues
[mailto:[log in to unmask]] On Behalf Of Trevor Chew
Sent: 01 December 2004 10:53
To: [log in to unmask]
Subject: [data-protection] Greek Data Protection Law


Has anyone come across this one before in connection with Greek DP Law?  

Imagine a Greek citizen who normally lives in Greece but has a holiday home
in the UK.  Whilst in the UK, this person does some business with a UK Data
Controller who processes some personal data about the Greek citizen. 

Below is a translation of the Greek DPA.  Section 3b appears to put Greek
DPA obligations on UK data controllers (and other EU data controllers as
well).  Is this not at odds with the EU DP Directive (Article 4) which
defines how national DP law should apply? 

3. The present law shall apply to any processing of personal data, provided
that such processing is carried out:

a)      by a Controller or a Processor established in Greek Territory or in
a place where Greek law applies by virtue of public international law.
b)      by a Controller who is not established in Greek Territory or in a
place where Greek law applies, when such processing refers to persons
established in Greek Territory. In this case, the Controller must designate
in writing, by a statement addressed to the Authority, a representative
established in Greek territory, who will substitute the Controller to all
the Controller's rights and duties, without prejudice to any liability the
latter may be subject to. The same shall also apply when the Controller is
subject to exterritoriality, immunity or any other reason inhibiting
criminal prosecution.
c)      by a Controller who is not established in the territory of a
member-state of the European Union but in a third country and who, for the
purposes of processing personal data, makes use of equipment, automated or
otherwise, situated on the Greek territory, unless such equipment is used
only for purposes of transit through such territory. In this case, the
Controller must designate in writing by a statement addressed to the
Authority a representative established in Greek territory, who will
substitute the Controller to all the Controller's rights and duties, without
prejudice to any liability s/he may be subject to. The same shall also apply
when the Controller is subject to exterritoriality, immunity or any other
reason inhibiting criminal prosecution.
 
Would anyone like to comment on whether they think this may just be a dodgy
translation of Greek DP law,  or if a UK data controller could indeed be
bound by the Greek DPA in the above circumstances? 




-- 

----------------------------------------------------------------------------
--
Halifax plc, Registered in England No. 2367076.  Registered Office: Trinity
Road, Halifax, West Yorkshire HX1 2RG. Regulated by the Financial Services
Authority.  Represents only the Halifax Financial Services Marketing Group
for the purposes of advising on and selling life assurance, pensions and
collective investment scheme business.  
============================================================================
==

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
       All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
      If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
            All user commands can be found at : -
        http://www.jiscmail.ac.uk/help/commandref.htm
  (all commands go to [log in to unmask] not the list please)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^