Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

The Greek Data Protection Authority issues an announcement on the need of certification of DPOs


As we get closer to May 2018 when the GDPR will enter into force, the discussions on whether organisations should appoint a DPO and what qualifications such person should meet have significantly increased.

The GDPR indeed establishes the obligation for a DPO on all public authorities and also on these private companies that conduct “heavy” data processing activities, namely their core activity is either to monitor individuals systematically and on a large scale or to process special categories of personal data on a large scale as well. The appointment of a DPO is most probably the obligation of the GDPR that has attracted most attention.

Recently the Greek DPA issued an announcement regarding the certification of DPOs, which most probably came as a response to the overwhelming increase of educational programs and seminars currently offered in the Greek market and the provision of certification services for DPOs locally.

In its announcement the DPA made clear that:

  • the GDPR neither imposes an obligation for certification of a DPO nor does it encourage such certification on a voluntary basis
  • the offered seminars or programs do not constitute a certification of professional qualifications or skills of a DPO and  
  • currently there is no accredited organisation in Greece that may provide such certifications.

The above announcement of the DPA, which generally follows the views adopted by the Working Party of Article 29 in the Guidelines on DPOs issued on 13.12.2016, puts things straight regarding the professional skills and certifications required for DPOs. There is no doubt that the DPO should have a good level of knowledge of data protection laws and practices, but this knowledge should not be merely based or evidenced by the DPOs participation in an educational program, which is determined both in terms of scope and quality by the organisations that offer them.

Article provided by:

  • Takis Kakouris, Partner, Zepos & Yannopoulos
  • Mary Deligianni, Senior Associate, Zepos & Yannopoulos


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

Director CPC project: Dr. Tobias Hö



53 lawyers from 33 countries are contributing to the project “Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More



The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.