“Hellenic Data Protection Authority fines Insurance Company for poor handling of customer data requests”
(article by Mara Vasileiou (Associate Rokas Thessaloniki) and Eirini-Eftychia Gkiniki (Associate Rokas Athens))
In Decision 32/2025, the Hellenic Data Protection Authority imposed fines of €20,000 on NN Hellas and €2,000 on MediDent for failing to properly handle an insured individual’s data access request. The Authority held NN Hellas, as the data controller and legal successor to MetLife, responsible for ensuring its processor’s compliance under the GDPR. MediDent was further sanctioned for non-cooperation with the investigation. The decision reaffirms that controllers remain accountable for their processors’ conduct, particularly in merger contexts, and reflects the HDPA’s growing inclination toward stricter, sanction-based enforcement of data protection obligations.
You can read the whole article on Lexology here:
👉 https://www.lexology.com/library/detail.aspx?g=4dd6a6b7-d6df-4779-9b4b-b28a2515fe16
Access the full article [here]
