anonym.legal

By · Last updated 2026-06-05

返回博客GDPR 与合规

希腊HDPA:旅游业与航运业的GDPR合规

希腊HDPA于2024年作出89项执法决定,较2022年增加162%。旅游业占案例总数的38%。AFM和AMKA等身份标识符需要专门处理。

June 5, 20269 分钟阅读
Greece HDPAAFM AMKA detectiontourism GDPRmaritime data protectionGreek identifiers

希腊HDPA:旅游业与航运业的GDPR合规

希腊个人数据保护局(HDPA)于2024年作出89项执法决定,较2022年的34项增加了162%。面临最大合规压力的是两个行业:旅游业和航运业。

2026年最新更新

旅游业:季节性大规模数据处理

2024年,希腊共接待逾3000万名境外游客。每次入境都会产生个人记录——酒店、POS系统、旅游公司和餐厅均会采集这些数据。核心难题在于时间管理:记录在6月至9月期间集中涌入,却需要保存远超旺季的时间。

HDPA的2024年酒店专项审查发现了三类常见违规问题。

POS系统保留违规: 餐厅POS系统超期保存银行卡和小票记录,大多数酒店企业没有书面的保留计划,记录长期堆积且仅标注「用于会计」,没有设定终止日期。

预订平台合规缺口: 使用全球预订平台的酒店通常没有签订数据处理协议,且普遍未就向非欧盟系统的传输完成传输影响评估。

旺季临时员工访问控制失当: 旺季临时员工获得了访客管理系统的访问权限,但对这些员工的核查极为罕见,其登录凭证往往在离职后数月仍处于有效状态。

旅游业在HDPA各行业案例中占比最高。关于欧盟各国身份标识符检测的全貌,请参阅欧盟国家标识符检测指南

航运业合规:大规模船员记录管理

以船舶吨位计,希腊是全球最大的船东国,希腊船队雇用逾9万名海员。雅典的船舶管理公司负责管理多国籍船员的档案记录。

船员记录在GDPR合规层面面临四项特殊挑战。

船旗国法律: 无论船舶航行至何处,船旗国法律均适用于该船。GDPR覆盖的是船上的数据处理行为,而不仅限于岸上办公室。

多国籍船员: 许多船组中没有任何本国船员,来自菲律宾、乌克兰、印度和印度尼西亚的海员十分普遍。他们的护照、STCW适任证书和健康记录均需经由雅典管理的系统流转处理。

健康记录: 航运岗位需要定期进行适任体检,健康记录属于GDPR第9条规定的特殊类别数据,需要明确的法律依据、严格的安全措施和严密的访问控制。

海员身份证件号码: STCW适任证书和海员证书按签发国使用不同的编号格式,这些ID出现在船员管理系统中,需要专门的识别能力以实现全面PII覆盖。关于各类ID的置信度评分,请参阅二元PII检测与置信度评分

国家身份标识符:AFM与AMKA

ΑΦΜ(税务号码): AFM为9位数字,通过加权求和规则设定校验位。这是希腊的主要商业身份标识符,出现于商业合同、劳动档案和公共服务中。

通用NLP工具经常漏检AFM——9位数字模式容易与日期和参考代码混淆,导致在未执行校验和步骤时产生误报;工具也会漏掉未加空格或使用非标分隔符书写的AFM。

ΑΜΚΑ(社会保险号码): AMKA为11位数字,其中编码了出生日期、性别和序列号,出现于劳动合同、处方和医院表单中。

身份证(Αστυνομική Ταυτότητα): 格式为一个字母后接6或7位数字,遵循希腊当局的签发规则。

护照: 标准欧盟格式,遵循当地签发规则。

希腊语文本的NER处理

本地文字并非拉丁字母。大多数商业NLP模型以拉丁字母文本为训练语料,拉丁字母训练的工具无法识别希腊字母文件中的姓名和地址。

针对希腊语的高质量NER需要具备四项能力:

  • spaCy el_core_news 模型或同等水平的希腊语NLP模型
  • 针对本地字符集范围的正确分词处理
  • 本地姓名模式识别(与英语和德语模式存在显著差异)
  • 希腊语地址词汇:「Οδός」(街道)、「Πλατεία」(广场)、「Λεωφόρος」(大道)

对于旅游业或航运业企业,达到HDPA合规水平的PII检测需要在同一流程中同时实现AFM和AMKA校验和验证以及希腊语NER。

参考资料

相关文章

GDPR 与合规

Japan My Number: Verhoeff & APPI

63% of generic tools fail My Number detection in Japanese documents. My Number uses Verhoeff algorithm — the most complex national ID checksum in Asia.

GDPR 与合规

HDPA Greece: AFM & AMKA Detection

Greek AFM detected with 52% accuracy by generic tools. HDPA issued 89 decisions in 2024 — up 162% from 2022. Tourism and maritime sectors face distinct.

GDPR 与合规

NAIH Hungary: TAJ-Szám and Adóazonosító Jel

Hungarian NER accuracy is 67% vs. EU average 82% — NAIH's 2024 assessment. TAJ-szám weighted checksum and adóazonosító jel detection gaps.

准备好保护您的数据了吗?

开始使用 285 种实体类型在 48 种语言中匿名化 PII。

开始免费试用查看功能

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.