EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients.
Recent Searches
Download PDF
Articles 1–16 of the Act no. 5188/2025 (Government Gazette 49/A/28-03-2025) establish the measures for the implementation of the Data Governance Act. The new Act sets out the regulatory framework for the re-use of public sector information, designates the competent authorities for data intermediation services and data altruism organizations, and provides for relevant sanctions in case of violation of the Act.
Articles 1 to 16 of Act no. 5188/2025 introduce measures for the implementation of Regulation (EU) 2022/868 (“Data Governance Act” or the “Act”) into the Greek legal order (the “Act”).
The purpose of the new Act is to establish an effective data governance framework for data held by public sector bodies, to facilitate access to and the sharing of such data, to enhance trust in the voluntary exchange of data for the benefit of businesses and citizens, and to improve the national framework and institutions for the governance of public sector information.
Within this context, the new Act provides for the following implementation measures of the Act:
- It establishes the regulatory framework governing the re-use of protected public sector information.
- It designates the competent supervisory authority for data intermediation service providers and data altruism organisations.
- It sets out the powers and enforcement competences of the supervisory authority, as well as the legal remedies available to affected individuals.
- It lays down the framework for the adoption and implementation of a national data strategy.
1.The Data Governance Act
The Data Governance Act establishes the framework and sets out the conditions for the re-use of data held by public sector bodies that are legally protected, particularly as personal data or data protected by intellectual property rights (“protected data”), by regulating the applicable procedure through a single information point.
Furthermore, the Act provides for the establishment of data intermediation services and data altruism organisations, in order to support and facilitate the provision of data by the data subject or holder (data sharing).
2. Provisions on the re-use of Protected public sector information
The Act no. 5188/2025 introduces the following provisions regarding the re-use of protected data held by public sector bodies:
- It establishes the principle of “open access by design and by default”, under which public sector bodies are required to create and make their data available in formats and structures that facilitate anonymisation (Article 3).
- It designates the Ministry of Digital Governance as the competent authority to assist public sector bodies that grant or deny access to data for re-use (Article 5).
- It designates the Ministry of Digital Governance as the single information point for the Data Governance Act (Article 6).
Decisions by public sector bodies on requests for access to data for re-use are subject to judicial review before the territorially competent Administrative Court of Appeal (Article 7).
3. Provisions on Data Intermediation Services
The Act no. 5188/2025 designates the Ministry of Digital Governance as the competent supervisory authority for data intermediation service providers and data altruism organisations (Articles 8–9).
In case of non-compliance with the provisions of the Data Governance Act, the Ministry of Digital Governance, following a prior hearing, may impose administrative fines ranging from €10,000 to €100,000 (Article 12).
Decisions imposing fines may be challenged through an appeal on the merits before the competent Administrative Court of Appeal.
4. Data Use Officer
For the implementation of the Act, the Act introduces the newly established role of the Data Use Officer (DUO), who is appointed at every central government body.
The Data Use Officer must explicitly be a different individual from the Data Protection Officer and the Information and Communication Systems Security Officer.
5. National Data Strategy
The Ministry of Digital Governance drafts and updates the National Strategy for public sector information, which determines the core principles, framework, and guidelines for the access and re-use of public sector information, as well as the specific principles governing each horizontal or sectoral initiative serving this purpose.
The National Strategy has a five-year duration and is binding upon all relevant public sector bodies.
A Coordinating Committee for public sector information is established within the Ministry of Digital Governance, serving as the coordinating body for public data management issues.
The Coordinating Committee may set up working groups to address specific topics, which may also include external experts. These working groups submit reports and recommendations to the Committee.
6. Significance
The value of the data economy in the European Union is expected to increase from three hundred and one billion euros (€301,000,000,000) in 2018 to eight hundred and twenty-nine billion euros (€829,000,000,000) by the end of 2025.
The Act no. 5188/2025 forms part of an emerging body of a holistic data law, applied in line with the provisions of Regulation (EU) 2016/679 ( “GDPR”).
The provisions of the new Act promote data sharing and facilitate the re-use of protected public sector information, thereby creating growth opportunities for the Greek data economy.
In the new regulatory environment introduced by the Act, technology enterprises are encouraged to capitalise on data-sharing opportunities and introduce innovative services for the benefit of the economy and society.
The Act no. 5188/2025 is available here.