IN THE SPOTLIGHT

Cyber security safe encrypted digital data networks for secure global information technology - Conceptual 3D illustration rendering

A gambling company fined for failing to properly respond to data access requests

On December 10, 2025, the Romanian DPA concluded an investigation into a gambling company. The DPA found that the company had violated its obligation on data subject rights, particularly, the obligations regarding the right of access, and consequently issued an administrative fine amounting to RON equivalent of EUR 15,000. The investigation was initiated following a complaint from a data subjec…
Big Data concept. Digital neural network. Introduction of artificial intelligence. Cyberspace of future. Abstract business 3D illustration, shallow depth of field

Chartered accountant fined for inadequate data security measures

On November 27, 2025, the Romanian DPA wrapped up an investigation into a data controller operating in the capacity of a chartered accountant. The DPA found that the controller had violated Article 32(1)(b) and Article 32(2) of the GDPR and, consequently, the controller received an administrative fine amounting to RON equivalent to EUR 2,000. The investigation was launched after the controller …
Big Data concept. Digital neural network. Introduction of artificial intelligence. Cyberspace of future. Abstract business 3D illustration, shallow depth of field

European Commission launches the Digital Omnibus Proposal

On November 19, 2025, the European Commission published its long-anticipated Proposal for a Regulation on the simplification of the digital legislative framework, commonly referred to as the “Digital Omnibus”. The initiative aims to streamline and harmonize key EU regulations on artificial intelligence, cybersecurity, and data. By consolidating duplicative obligations and mitigating regulatory …

ARTICLES

Abstract digital data background. Wave with moving dots. Musical stream of sounds. 3D .

Romanian DPA Report – A Year in Review – 2024

Authors: Iurie Cojocaru, Diana Albu
Romanian DPA case studies – our top 5 picks 1. Refusal to provide actual call recording and provision of transcript only Case study: A customer filed a complaint with the Romanian DPA, claiming that a mobile phone company had denied her right of access by refusing to prov…
Digital graphs and hexagon grids with abstract high speed technology POV motion blur

GDPR | 7-year anniversary. Romanian DPA Publishes 2025 Q1 Enforcement Update

Authors: Iurie Cojocaru, Mihai Rotaru
As the EU General Data Protection Regulation (GDPR) marked its seventh anniversary on May 25, 2025, the Romanian DPA has released a short-form activity update covering the first four months of the year. The figures offer a snapshot of enforcement trends, complaint pattern…

Speaking engagements

This technology-inspired data abstract background is perfect for capturing the essence of the internet's vast expanse of information.

Iurie Cojocaru – speaker at a webinar organized by IAPP

On June 4, Iurie Cojocaru, Partner and Head of NNDKP`s Data Protection practice, was a speaker at a webinar on GDPR Compliance: Key Lessons and Evolving Challenges Seven Years On,  organized by the International Association of Privacy Professionals (IAPP) on the IAPP KnowledgeNet platform. Together with Andreea Lisievici Nevin, Managing Partner, ICTLC Sweden, Iurie dove into the main challenges…
Big Data concept. Digital neural network. Introduction of artificial intelligence. Cyberspace of future. Abstract business 3D illustration, shallow depth of field

Iurie Cojocaru – speaker at an online debate organized by Juridice.ro

On May 5, Iurie Cojocaru, Partner and Head of the Data Protection practice, was a speaker at the online debate Artificial intelligence under the spotlight: AI regulation – from obligations in 2025 to full compliance in 2026, organized by Juridice.ro. The debate was be live on Juridice.ro.
Cybersecurity and information or network protection. Future cyber technology web services for business and internet project

Iurie Cojocaru – speaker at a webinar organized by Sypher Solutions

Iurie Cojocaru, Partner and Head of the Data Protection practice, was a speaker at the GDPR internal audit webinar, organized by Sypher Solutions on April 10. Together with the Co-founder of Sypher Solutions, Mihai Ghita, Iurie Cojocaru talked about: How long and how often is the GDPR audit performed What resources are needed and who should be involved in the process What are the mai…

Statistics

Enforcement statistics in Romania November 2025

based on the press releases published by the Romanian supervisory authority on its website in that month

Number of fines 10
Highest fine 8,000 €
Lowest fine 1,000 €
Total amount of fines 29,000 €
Number of corrective measures 10
Number of fines triggered by data breach notifications 4
Number of fines triggered by complaints 7
Legal provisions mentioned in press releases Article 5 (1) a), c) and e), Article 6 (1), Article 7, Article 12 (3) and (4), Article 15, Article 17, Article 21, Article 25 (1) and (2), Article 32 (1) b), d), and (2)