On 13 November 2024, the Romanian DPA announced a fine of the RON equivalent of EUR 4,000 imposed on a controller in the HR Industry for violation of the GDPR. The violations pertained to the controller’s unlawful monitoring of employees' vehicles.
The fine was applied following an investigation triggered by a complaint submitted by an employee claiming that the controller had monitored the loc…
On 15 October, the Romanian Cybersecurity Authority (DNSC) has published the updated draft transposing NIS2 Directive.
The current draft is elaborated in the form of a draft Government Emergency Ordinance (GEO), which means that the transposition is intended to be adopted by the Government, avoiding the parliamentary procedure. The Parliament of Romania will have to confirm or reject the GEO af…
On 2 September 2024, the Romanian DPA announced that it had imposed a fine of €2,000 and issued two warnings against a major data controller in the construction and infrastructure sector for breaching the GDPR.
The sanctions were imposed following an investigation launched after receiving several complaints from a data subject, an employee of the data controller, who complained about being moni…
It is hard to regulate technology. One of the reasons, amongst many others, is time. What you regulate today does not correspond to the technical landscape of tomorrow. Back in the first decade of 2000, when the ePrivacy Directive was adopted and amended, the European legislator did n…
Romanian DPA case studies – our top 5 picks
1. Refusal to provide the contractual clauses which represent the safeguard for the data transfer to a third country
Case study: A data subject complained about the refusal of a financial banking institution to provide him with…
As we all know, “personal data” represents information related to an identified or identifiable natural person.
So how do you identify someone? By name or through an image, one would answer. But what happens when we do not know the name and the image of the person but we are able to …
On 28 May 2024, NNDKP organized the EU AI Act: First steps towards compliance webinar which focused on the legal updates introduced by the new regulation.
Together with the participants, our colleagues, Iurie Cojocaru, Partner and Head of the Data Protection Practice, and Madalina Vasile, Managing Associate in the same practice, discussed about the legal provisions of the EU AI Act which compan…
On January 25, Iurie Cojocaru, Partner and Head of the Data Protection Practice, was a speaker at the „GDPR – Data Privacy Observer 2024” conference. Iurie Cojocaru talked in the conference`s first session of discussions and shared information on the personal data protection requirements resulting from the EU`s Data Act, recently entered into force.
Moreover, the third edition of the Romanian R…
On Tuesday, November 21, NNDKP`s Data Protection practice organized an event focused on current issues in the field of data protection and security, an information and debate opportunity dedicated to clients.
In an interactive discussion framework, the participants discussed topics of interest with NNDKP`s data protection team members and analyzed various situations encountered in practice, fac…