GREECE Law and Practice Contributed by: Angela Livgieri and Danai Panopoulou, ALG Manousakis Law Firm
Appropriate security and access controls (eg, encryption and pseudonymisation, access restrictions, data retention policies and rules to protect data from unauthorised access, breaches or leaks) must be implemented.

The appropriate legal basis must be assessed (as per Articles 6 & 9 of the GDPR for plain and special categories of personal data, such as health-related).

It is essential to provide relevant information to the individuals involved. This information should include the purposes for processing their data, the identity and contact details of the data controller, any recipients or categories of recipients who will receive the personal data and the privacy-related rights of the individuals, among other necessary details.

If third parties access the database, data processing agreements must be executed, along with Standard Contractual Clauses (SCCs), as applicable for international transfers.

If the database involves automated processing of personal data, prior consultation with the Hellenic Data Protection Authority (HDPA) may be required under Article 67 of Law 4624/2019. The HDPA may also review international data transfers or secondary uses of the data.

3. Marketing Authorisations

3.1 Product Classification

The process for classifying a product as either a pharmaceutical or a medical device depends on its intended use, primary mode of action and composition. The primary distinction is their mode of action. Pharmaceuticals exert their effects through pharmacological, immunological or metabolic mechanisms, while medical devices primarily operate via physical or mechanical mechanisms.

Pharmaceuticals

Pharmaceuticals are governed by Directive and relevant national laws, such as Legislative Decree 96/1973 and Law 1316/1983 in Greece. The approval process for pharmaceuticals involves submitting an application to the regulatory authority (EOF in Greece), including information about composition, manufacturing standards and pharmacovigilance practices. Once approved, marketing authorisation holders (MAHs) must comply with stringent post-marketing obligations, including pharmacovigilance reporting.

Medical Devices

The MDR and the IVDR regulate medical devices. National Joint Ministerial Decisions, along with guidance issued by the EOF, provide additional oversight. Medical devices are designed to assist bodily functions and can operate mechanically, physically, or through software without producing direct pharmacological effects. Examples include surgical instruments and diagnostic software. Manufacturers must complete a conformity assessment to demonstrate compliance with safety and performance standards. The product obtains CE marking through a notified body or the national authority before it can be marketed. Devices are classified by risk level and intended purpose, with post-marketing vigilance responsibilities to ensure continued safety and effectiveness.

In Greece, the responsible notified body for the conformity assessment and the CE marking (granting of CE 0653 in Greece, which shows compliance with the applicable legislation) of medical devices is the National Evaluation Centre of Quality and Technology in Health (EKAPTY).

3.2 Marketing Authorisation for Biologic Medicinal Products

In Greece, biologic medicinal products require marketing authorisation through either the national procedure (EOF) or, more commonly, the centralised procedure under Regulation (EC) No 726/2004, where approval is granted at the EMA level. There are no differences in the approval process between pharmaceutical (chemical) and biological products. Biosimilars, or generic biological products, must be similar but not identical to the reference product. This contrasts with traditional chemical pharmaceuticals, which require identical characteristics for approval.