GREECE Law and Practice Contributed by: Nikos Nikolinakos, Dina Kouvelou and Alexis Spyropoulos, Nikolinakos & Partners Law Firm
IoT Operators Law 4961/2022 introduces measures for the transparent and safe operation of IoT devices used by essential service operators and digi - tal service providers. Such IoT operators are required to use IoT technologies in accordance with the technical security specifications, includ - ing cybersecurity measures, and bear several obligations. • Operators are required to designate an IoT Security Officer, to be responsible for moni - toring the proper implementation of the tech - nical and organisational measures, and for maintaining the log created by the device for a reasonable period of time. • Operators must keep and update a register of the IoT technology devices they use. This register is made available to the NCSA or the competent response team when requested. • IoT operators must ensure that users of IoT devices are provided with information on their secure installation, configuration and operation, as well as detailed instructions for checking device security. They must also ensure that users are involved in the installa- tion and operation of the devices as little as possible. • If the IoT Security Officer suspects that an IoT device presents a risk, they shall make a recommendation to the operator, who shall in turn inform the NCSA, the compe - tent response team, the manufacturer, the importer and the distributor of the device and suspend the use of the device to the extent necessary. • Upon being notified by the NCSA, IoT opera - tors must suspend the use of any IoT device that presents a security risk despite comply - ing with the necessary technical security specifications.
• IoT operators must carry out an impact assessment of the envisaged processing operations of personal data related to the operation of the IoT device. Cybersecurity IoT devices must be designed and developed in such a way as to achieve an appropriate level of cybersecurity throughout their lifecycle and to prevent attempts by unauthorised third par - ties to alter their use or performance, and must incorporate measures to ensure an appropriate level of cybersecurity. Administrative Sanctions The competent body of the Ministry of Digital Governance may impose sanctions for non-com - pliance – ie, recommendations, reprimands and fines of up to EUR15,000, or up to EUR100,000 in case of recurrence. 4.3 Data Sharing Legislation in Greece has not yet delineated spe - cific requirements with respect to data sharing in the context of IoT. The application of the EU Data Act is expected to significantly alter the regula - tory framework and improve access to data in the EU market. 5. Audiovisual Media Services 5.1 Requirements and Authorisation Procedures Main Requirements Pursuant to the provisions of Greek Law 4779/2021 and provided that they fall within the Greek jurisdiction, the main requirements for providers of audiovisual media services include the following.
106 CHAMBERS.COM
Powered by FlippingBook