Purpose - The purpose of this paper is to examine the application of the European General Data Protection Regulation (GDPR) to Greek companies. The research investigated the positive and negative impact of the implementation of the Regulations, 18 months after the new legislation went active, regarding technological, organizational and legal issues.
Design/methodology/approach – For this research first step was the study of existing literature. Then, questionnaires were distributed to companies liable to the GDPR for the collection of quantitative data. Finally, a conduct research was made in a company that offers records management services trying to bring the services in compliance with GDPR.
Findings – The above procedures have yielded significant findings regarding the actual implementation of GDPR in the companies and the technological and organizational issues that took place and need to be resolved.
The most important outcomes from this research is a) that the companies are in need for more guidance from the competent authorities in the field of data protection, b) there is a significant cost required to implement the changes in organizational structures and c) the important role of the Data Protection Officer (DPO).