anonym.legal

By · Last updated 2026-06-05

返回博客GDPR 与合规

希腊HDPA:AFM税务号与AMKA社保号的检测合规

通用工具对希腊AFM税务号的检测准确率仅52%。HDPA 2024年共发布89项决定,较2022年增长162%。旅游和航运行业面临尤为突出的合规风险。

June 5, 20267 分钟阅读
Greece HDPAAFM AMKA detectionGreek alphabet NERtourism GDPRGreek identifiers

希腊HDPA:AFM与AMKA的检测合规

2026年更新版

希腊数据保护机构(HDPA)2024年共发布89项执法决定,较2022年的34项增长162%。旅游业占HDPA案件总量的38%,航运业亦带来额外风险。

关于各国数据保护机构执法情况的整体背景,请参阅GDPR合规指南

AFM:税务登记号

ΑΦΜ是一个9位税务号码,每位公民、居民和企业均持有一个。

**校验算法:**将第1至8位分别乘以权重256、128、64、32、16、8、4、2,累加乘积,对11取模。若结果为10,则该编号无效;否则校验位为结果对10取模的值。

AFM出现在发票、合同和政府表格中,是该国个人和企业的主要标识符。

**检测差距:**通用NLP工具对AFM的检测准确率仅为52%(HDPA 2024年数据)。造成这一现象的原因有三:其一,9位格式与众多参考编号和日期部分相似;其二,大多数通用工具缺少两步取模校验;其三,该编号通常没有标签,直接嵌入地址块中。

关于结构化标识符的更多信息,请参阅实体参考

AMKA:社会保险号

ΑΜΚΑ是一个11位编号。第1至6位以DDMMYY格式编码出生日期,第7位编码性别(奇数为男性,偶数为女性),第8至11位为序列号和校验位。

这一设计与瑞典personnummer相似,两者引发了相同的GDPR合规问题——编号直接暴露生理性别信息。

AMKA出现在健康记录、社会保障档案和薪资表中,每位公民和居民均持有一个,是医疗保健和社会福利的主要编号。关于GDPR如何适用于此类数据的说明,请参阅安全与合规页面

希腊文字支持的差距

希腊语文本使用与拉丁语系不同的书写系统,这是个人信息工具面临的核心挑战。

**Unicode范围:**希腊字符位于U+0370–U+03FF和U+1F00–U+1FFF区间。仅支持ASCII或拉丁字符的工具无法处理这些字符。

**NER模型:**spaCy的el_core_news模型支持希腊语NER,但需要显式配置。大多数默认流水线仅使用英语,对希腊文字文件不产生任何输出。

**混合文字文件:**希腊文件中常见希腊字母与拉丁字母混用的情况,品牌名称和技术术语以拉丁字母出现,正文使用希腊字母。流水线必须同时处理两种文字。

**格式变体:**名字在希腊语句子中会发生形态变化。主格「Γεώργιος Παπαδόπουλος」在属格中变为「Γεωργίου Παπαδόπουλου」。工具需要形态分析才能识别两种形式。

关于多语言个人信息检测的常见问题,请参阅常见问题页面

旅游业合规风险

旅游业占HDPA案件总量的38%。规模庞大和季节性特点是主要风险来源。

**酒店管理系统数据保留:**酒店系统收集护照号码、出生日期和联系方式。HDPA发现许多系统将此类数据保留五年以上,大多数未说明保留目的,且安全管控薄弱。

**支付数据:**酒店处理来自本地和外国宾客的银行卡数据。账单中存有部分卡号,预订系统持有完整卡号,PCI DSS和GDPR均适用于此类场景。

**季节性员工:**酒店员工通常签订4至6个月的合同。HDPA发现多起员工离职后未及时撤销系统访问权限的案例,这一问题在高流动率行业中普遍存在。

HDPA合规技术清单

处理希腊语文件的最低技术栈要求如下:AFM检测需要两步取模校验,AMKA检测需要出生日期和性别位解析,通过spaCy el_core_news添加希腊文字NER,并在两种文字中涵盖护照和国家身份证检测。

旅游运营商还需完成两项组织层面的工作:一是记录酒店管理系统的数据保留期限;二是在季节性员工离职时及时撤销系统访问权限。这两个步骤针对的是HDPA最常见的发现。

关于适合文件密集型酒店业工作流程的API方案,请参阅定价页面

anonym.legal支持AFM和AMKA的完整校验检测,并通过spaCy el_core_news流水线提供希腊文字NER能力。

参考来源

相关文章

GDPR 与合规

Japan My Number: Verhoeff & APPI

63% of generic tools fail My Number detection in Japanese documents. My Number uses Verhoeff algorithm — the most complex national ID checksum in Asia.

GDPR 与合规

NAIH Hungary: TAJ-Szám and Adóazonosító Jel

Hungarian NER accuracy is 67% vs. EU average 82% — NAIH's 2024 assessment. TAJ-szám weighted checksum and adóazonosító jel detection gaps.

GDPR 与合规

Czech Rodné Číslo: Gender Encoding and GDPR

Czech rodné číslo encodes gender via 50-offset month encoding — making it GDPR Article 9 special category data. 67% of Czech firms use German tools.

准备好保护您的数据了吗?

开始使用 285 种实体类型在 48 种语言中匿名化 PII。

开始免费试用查看功能

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.