Under Law 2472 /1997 (which is the general law regarding the protection of personal data in Greece), in the event of a data breach, there is no legal obligation or requirement to notify either the affected individuals or the DPA.
Greece has no specific whistleblower protection laws in place. However, since whistleblowing programs rely in the vast majority of cases on the processing of personal data, the rules and principles of the Act Regarding Protection of Individuals with Regard to the Processing of Personal Data applies to whistleblowing programs.
Article 9 par. 1 of the Greek Constitution provides that: “The private and family life of the individual is inviolable”. Article 8 par. 1 of the European Convention on Human Rights, as enacted into Greek Law by Law 53/1974, provides that: “Everyone has the right to respect for his private and family life, his home and his correspondence”.