GDPR & DPO Services

Biosafety provides services regarding businesses’ compliance with the European General Data Protection Regulation (GDPR) 679/2016, applicable from the 25th of March 2018, in European Union’s every member state.

Experience in GDPR’s practical application confers added value, and Biosafety’s associates are specialized in Personal Data Protection and experience in the practical application of the Regulation’s requirements in Greece and abroad since 2016, prior to the law’s application.

Biosafety’s services ensure the achievement of compliance with European legislation regarding Personal Data Protection and cyber-security in the desired level, and as for the effective customer support, has developed a strategic partnership with GAG-DPR specialized GDPR consultancy company.


European Regulation 679/2016 

The European Regulation’s 679/2016 objective is the establishment of a single legal framework regarding the processing of personal data in member states of the European Union, that sets a series of restrictions and new obligations for businesses:

  • Personal data processing throughout its life-cycle, from obtainment to destruction
  • The possibility of transferring them to other countries, inside or outside the EU
  • Protection of physical persons’ (subjects) rights
  • Personal Data security
  • Actions of disclosure that a business (controller) should do in breach incidents.

Regulation’s application to concerning businesses

It concerns all private and public organizations, as well as government authorities that, in any way, process customers’ personal data (or customers’ clients), employees, associates or other physical persons. Thus, GDPR practically concerns all organizations, inside and outside the European Union as the data concerns European citizens.

By implementing GDPR, businesses are obligated to:

  • Abide by the ground principles of personal data protection, meaning to obtain them for specific legal purposes and only as much as necessary, not to process them further in a way incompatible with the purpose
  • Have, on a case-by-case basis, the free and explicit consent of physical persons
  • Transfer personal data to non-EU countries only under certain conditions
  • Provide access to personal data to their associates only when specific conditions are met and if they verify their GDPR compliance
  • Develop online tools for in-time and free requests’ response
  • Ensure the safety of personal data throughout their life-cycle
  • Maintain records and notify every data violation within 72 hours to Data Protection Authorities and to physical persons, informing them directly or through notice
  • Prove their compliance with all requirements of the Regulation

For organizations that managing a significant amount of data, GDPR mandates the appointment of a Data Protection Officer (DPO), responsible with monitoring the compliance to the rules and requirements of the regulation.

In breach incidents, corresponding fines are significantly increased, depending on the nature of the breach, the scale of processing and type and size of the organization and its annual working cycle.

Compliance Process

GDPR’s Compliance Process is an especially demanding and complex issue.

The required phases are:

  • Accurate and exact knowledge & understanding of what data will be obtained and processed in every operational phase, who is involved and with which tools and operations the process is conducted.
  • Identification and separation of operational needs, in order to ensure that all prerequisite subject’s consents and thus not over complicate operations.
  • Systemic monitoring in order to fully cover all GDPR’s requirements in every stage of data processing
  • Assessing risk that may lead to personal data breach incidents, resulting in severe financial penalties and negatively impact on businesses’ reputation
  •  Presentation of the most critical risk and means of prevention to Management in a practical way, thus deciding on a realistic plan and compliance budget
  • Taking beneficial and cost-effective measures against GDPR breach risks mitigation, without affecting operational processes