Greek Supervisory Authority imposes fines on controller and processor arising from same incident

11 September 2025

Noteworthy decision from the Greek Supervisory authority who fined both the data controller and data processor arising from the same incident.

The controller was found to have infringed its obligations to select a suitable data processor and supervise them effectively.

This case highlights the need for a robust vendor managements programme from onboarding assessments to contracts and DPAs and ongoing due diligence.

See EDPB for further details:

https://www.edpb.europa.eu/news/national-news/2025/greek-sa-imposition-fines-telecommunications-company-and-data-processor_en

For any queries on this article or how Rock Consultancy can support your organisation, please contact us at info@rockconsultancy.ie