Article 3 of the fifth Article of Law 3607/2007 (Government Gazette, Series I, No 245) on the purpose of IDIKA AE is replaced as follows:
‘Article 3
Purpose
- The H.D.Y.K.A. M.A.E. operates in the public interest, according to the rules of the private economy and has no profit, industrial or commercial character. Its purpose is to:
a) supporting mainly the Ministries of Digital Governance, Health, Labour and Social Security, Social Cohesion and Family and other Ministries and public sector bodies, in matters of Information Systems, digital technology, communication, e-government, e-services and new and open technologies, in all their areas of competence, as well as the study, development, operation, exploitation, administration, management, monitoring and maintenance of Information and Communication Systems, equipment, software and services to serve all the above Ministries and bodies;
b) the electronic service of citizens in their transactions with the above bodies (e-government),
cooperating with relevant European Union bodies and acting as a national contact point for digital health, as an organisational and technical gateway for the provision of services linked to the cross-border exchange of personal electronic health data in the context of their primary use, interconnecting with other European national contact points, as well as with the central interoperability platform in the cross-border MyHealth@EU infrastructure and exchanging personal electronic health data on the basis of the European electronic health records exchange format;
ensuring and supporting the interoperability of the Information and Communication Systems of the above bodies;
the integration and management of all information on e-government and technologies of the supported bodies;
to provide advice to all public sector bodies, as defined in Article 14(1)(a) of Law 4270/2014 (Government Gazette, Series I, No ΄ 143), on the above matters;
g) the provision to any department of the State and of the European Union of statistical and other types of information and evaluations;
h) the supervision and control of those operating, as well as of the IT and Communications projects under implementation of the above bodies;
i) the collection, processing, cross-checking and transmission of Management data exclusively for the support and operation of applications developed and developed in the context of the company's purpose;
the implementation of actions and projects of the above bodies;
its function as a technological body under Article 13A of Law 4310/2014 (GG I 258) on the uniform governance of digital services and infrastructures in the health sector.
- In order to achieve its objectives, the Company:
a) develops Information and Communication Systems and provides consulting services to the Ministry of Digital Governance, the Ministry of Health, the Ministry of Labour and Social Security, the Ministry of Social Cohesion and Family and other Ministries and other public sector bodies;
b) conducts, for all the entities referred to in point (a) of this Article or in cooperation with them, the tenders for the design, development, operation, operation, management and maintenance of Information and Communication Systems in accordance with the above, implements and monitors the contracts concluded;
outsources projects to operate and support its activities;
d) participates in research projects, collaborates with universities and innovation centres, organizes and participates in conferences and seminars,
participate in any capacity in the implementation of European programmes of which it may become the implementing body and beneficiary;
be connected via a real-time network to the Information Systems of all supported entities in support of developing applications;
may conclude programme agreements with the bodies to which it provides services for the implementation of projects financed by co-financed programmes or national programmes with a source of Union funding.
- The data processed shall be used for the following purposes:
the operation, support and business continuity of the computerised health, social security, welfare and social policy applications implemented or supported by IDIYKA MAE, including the necessary checks, cross-checks and data quality assurance actions;
ensuring the security of information systems, including security incident management, incident recording and analysis, and access control;
the evaluation of performance, the correction of errors and the improvement of the services provided, in accordance with the relevant technical and functional specifications;
compliance with information, accountability and compliance with applicable national and Union law, including personal data protection and information security obligations;
e) carrying out checks and cross-checks in the context of support and operation of the computerised health, social security, welfare and social policy applications implemented by IDIYKA MAE and access to them is acquired by its staff employed in the operation and support of the above applications, in the exercise of their duties and responsibilities, and appointed by an act of the company's CEO. The staff in question must observe confidentiality, in accordance with Article 21(1) of the Tax Procedure Code (Law 5104/2024, Government Gazette, Series I, No 58). The staff of DIYKA MAE, regardless of the employment relationship, is obliged to process the said data exclusively for the purpose for which they were granted access to them and any further processing and disclosure of these data is prohibited. In any case of processing, as defined in appendix 2 of Article 4 of the General Data Protection Regulation (Regulation (EU) 2016/679), the bodies involved must take the appropriate technical and organisational data security measures in accordance with Article 32 of the General Data Protection Regulation (Regulation (EU) 2016/679) in order to ensure their integrity and confidentiality. In the event of a breach of data confidentiality, Article 83 of the General Data Protection Regulation (Regulation (EU) 2016/679), Articles 38 and 39 of Law 4624/2019 (Government Gazette, Series I, No 137) on administrative and criminal penalties, Articles 370B and 370C of the Criminal Code (Law 4619/2019, Government Gazette, Series I, No 95) and point (k) of paragraph 1 and Article 21(3) and (4) of the Tax Procedure Code shall apply.
making electronic health data available for secondary use, i.e. processing them for purposes other than the original ones for which they were collected or produced, as laid down in Chapter IV of Regulation (EU) 2025/327 of the European Parliament and of the Council of 11 February 2025 on the European Health Data Space and amending Directive 2011/24/EU and Regulation (EU) 2024/2847 (L series), as well as Article 89 of Regulation (EU) 2016/679.
- The DIYKA MAE shall ensure the completeness, integrity and reliability of the health data made available and shall not use or make them available for any purpose other than those permitted by Regulation (EU) 2025/327 or for any form of commercial exploitation unless expressly provided for by national or EU law and the conditions of Regulation (EU) 2025/327 for commercial use are complied with. The responsibilities for processing electronic health data for secondary use are exercised by functionally and organisationally distinct units, from those that carry out the other processing activities in accordance with the principles of Article 32 of Regulation (EU) 2016/679 and Articles 24 and 25 of Law 4624/2019.
- The IDYKA MAE may provide technical services, infrastructure and tools for the preparation of electronic health data sets, their anonymisation or pseudonymisation, the preservation of the confidentiality of intellectual property rights and trade secrets, the provision of data in secure processing environments, as well as the assurance of their quality and usability, in accordance with Regulation (EU) 2025/327, Regulation (EU) 2016/679 and any other relevant national or EU legislation.’
English
Leave a Reply