CLIENT ALERT (Turkey): Turkish Cyber Security Law Has Entered into Force

March 2025 The Personal Data Privacy team of our member firm Kolcuoglu Demirkan Kocakli has recently issued a client alert “Turkish Cyber Security Law Has Entered into Force”. You may read the firm’s new client alert here.
Read more

Romanian DPA Activity Report for 2023

December 2024 Our member firm, Nestor Nestor Diculescu Kingston Petersen, has recently issued the Romanian Data Protection Assessment Activity Report for 2023. The firm's data protection specialists examined the report and prepared a summary in which they: analyse five significant cases investigated by the Romanian DPA; present the most frequent cases of complaints, notices, and notified data breaches; compare the key numbers that reflect the DPA's activity in 2023 with those from the previous year. The full publication is available here.
Read more

Greek Draft Law Transposing the NIS 2 Directive on Cybersecurity Open for Public Consultation

October 2024 Irene Kyriakides, Partner, Natalia Soulia, Senior Associate, Eleni Kyratzi, Associate, Terpsithea Papanikolaou, Junior Associate Kyriakides Georgopoulos Law Firm On October 19th, 2024, the Ministry of Digital Governance released for public consultation the draft Law transposing into Greek legislation Directive 2022/2555 (NIS2 Directive) on measures for a high common level of cybersecurity across the EU. The proposed draft Law aims to address the gaps identified in the NIS1 Directive, which is repealed by NIS2. More specifically, both the NIS2 Directive and the draft Law apply to…
Read more

Understanding the EU's Artificial Intelligence Act: Key Insights

August 2024 Anisa Tomic, Partner, and Zerina Karahmet, Associate Maric & Co Law Firm On August 1, 2024, the European Union's Artificial Intelligence Act (AI Act) came into force, marking a significant milestone in the regulation of AI technologies. This pioneering regulatory framework is designed to ensure the safe and ethical deployment of AI across the EU, balancing innovation with fundamental rights and safety. At Marić & Co. d.o.o., we recognize the importance of understanding and complying with these regulations as AI continues to revolutionize the way we live and work, from personalized…
Read more

Software and IP Protection – Key Considerations

August 2024 Irene Kyriakides, Partner, Niovi Plemmenou, Associate, Apostolos Papachrysos, Associate, and Androniki Papoutsoglou, Junior Associate Kyriakides Georgopoulos Law Firm Introduction In an increasingly technology-oriented society, software has become an invaluable asset for businesses. Companies either develop or simply use software in their day-to-day operations and a familiarity with laws revolving around software and its protection is crucial. Navigating the complex landscape of intellectual property (IP) rights is essential for safeguarding the interests of innovative companies.…
Read more

Amendments to the Personal Data Protection Law

July 2024 Marat Minasyan, Partner, and Bahar Esenturk, Associate Kolcuoglu Demirkan Kocakli Attorneys at Law The Turkish Personal Data Protection Law ("PDPL") was amended by the Amendment Law on the Code of Criminal Procedure and Certain Laws ("Amendment Law"), published in March 2024. The Amendment Law changes the rules regarding cross-border data transfers, the processing of sensitive personal data, and the appeal process against the decisions of the Personal Data Protection Board ("Board"). It came into effect on June 1, 2024. However, the existing provisions concerning cross-border data…
Read more

Regulation on the Procedures and Principles Regarding the Cross-Border Data Transfer

July 2024 On 10 July 2024, the Regulation on Procedures and Principles Regarding the Transfer of Personal Data Abroad (the "Regulation"), which governs the implementation of Article 9 of the Personal Data Protection Law ("PDPL") concerning cross-border data transfers, was published. This Regulation primarily addresses the obligations of data controllers and processors in managing cross-border data transfers and establishes corresponding procedures. For the full article, please use the following link. 
Read more

Greece Shows Commitment to Cybersecurity

June 2024 Elisabeth Eleftheriades, Partner, and Nikolaos Tilemachos Vellios, Associate Kyriakides Georgopoulos Law Firm From the adoption of advanced digital tools and capabilities by public authorities, to the transition to a ‘government-cloud-first policy’ and significant private investments in the tech field (particularly in data centers), recent years have seen Greece rapidly emerging into the digital age. Amidst this digital transformation, the Greek government has shown that it prioritizes establishing a secure cyberspace.  This is particularly evident in the case of the National…
Read more

“Tracking”, “Monitoring”, and “Profiling” in Recent Clearview AI cases

September 2023 In the past two years, most recently on May 10, 2023, when the Austrian Datenschutzbehörde issued its decision, supervisory authorities in several European countries declared the processing of personal data by the company Clearview AI to be contrary to the GDPR. To determine whether GDPR applied to the processing of personal data by a company based in the United States, the authorities had to interpret the concepts of “monitoring”, “tracking”, and “profiling”. This blog post explores how the recent Clearview decisions interpreted “monitoring”, “tracking”,…
Read more

HDPA Imposes EUR 20 million Fine to AI Company

August 2022, KG Law Firm In Decision 35/2022, the Greek data watchdog, the Hellenic Data Protection Authority (“the Authority”), imposed a EUR 20 million fine on a US-based software company, for its web scraping techniques and functioning of its automated facial recognition system. The Authority’s investigation was instigated by a complaint concerning the AI company’s failure to respond to a data subject’s access request. The company’s activities fell under the scope of the General Data Protection Regulation (GDPR) given the latter’s extra-territorial applicability to processing…
Read more

Personal Data Protection Risks of Employee Diversity and Inclusion Programmes in Bulgaria

June 2022 Authors: Nikolay Zisov, Deyan Terziev, BOYANOV & Co. Over the last few years, diversity and inclusion have become more than policies, programmes, or headcounts. More and more companies in Bulgaria aim to achieve a certain percentage of employees who belong to a religion or ethnic group, as well as the inclusion of such persons at different work process levels, including by respecting their customs and traditions. However, such initiatives often face legal challenges, specifically in view of compliance with the applicable personal data protection laws. Partner Nikolay Zisov and…
Read more

Key Points From EDPB’s Guidelines on the Right of Access

March 2022 Author: Pablo Perez Laya, BDK Advokati Arts. 12 and 15 of the EU Data Protection Regulation (EU) 2016/679 (“GDPR“) regulate the right of access (“RoA“). This right consists of three main components: (i) confirmation of whether personal data are processed; (ii) access to the personal data; and (iii) information about the processing itself. The European Data Protection Board (“EDPB“) adopted, on 18 January 2022, the Guidelines 01/2022 on data subject rights – Right of access (“Guidelines“), to provide more precise guidance on how to implement the RoA in different…
Read more