Home - NNDKP Privacy Out Loud

Enforcement statistics in Romania May 2025

based on the press releases published by the Romanian supervisory authority on its website in that month

-                                        Number of fines
-                                        Highest fine
+,000 €
-                                        Lowest fine
+,000 €
-                                        Total amount of fines
+,000 €
-                                        Number of corrective measures
-                                        Number of fines triggered by data breach notifications
-                                        Number of fines triggered by complaints
-                                        Legal provisions mentioned in press releases
+                                        Article 5 (1) a), b) and (2), Article 6 (1), Article 12 (1), Article 14, Article 15, Article 32 (1), (2) and (4) GDPR

NNDKP’s Data Protection and Privacy practice has been providing expert advice on virtually all aspects related to this field, as a stand-alone group, since 2008. Our experienced team is one of the most awarded on the local market. It received the distinction of “Best law firm for Data Protection in Romania” in 2021 and 2019 at the Romanian Legal Awards Gala by Legal Marketing and the “Legal Innovation award for Data Protection in Romania” in 2018 by The Times, Legal Marketing. Our practice co-heads are seasoned experts in the data protection field in Romania.

Iurie Cojocaru

Partner, Head of the Data Protection practice

View profile on NNDKP

Roxana Ionescu

(1981-2023)

View profile on NNDKP

IN THE SPOTLIGHT

Failure to respond to authority requests for information sanctioned by the Romanian DPA

Lately, the Romanian DPA announced two new sanctions for violation of GDPR article 58. A natural person has been under the DPA’s scrutiny for improperly installing a video surveillance system on a building. The DPA has requested information from the controller in order to assess the legality of the processing activity occurred, however it was given the silent treatment. Firstly, the DPA has app…

Cyber security safe encrypted digital data networks for secure global information technology - Conceptual 3D illustration rendering

Court partially overturns GDPR sanctions applied in the context of GPS monitoring

A recent court case involving a Romanian data controller and the Romanian Data Protection Authority (Romanian DPA) has concluded with a partial success for the company. While the fine imposed for GDPR violations was annulled in court, the reprimand related to excessive data retention remains in effect. Background of the investigation The investigation, completed in October 2024, was initiat…

Big Data concept. Digital neural network. Introduction of artificial intelligence. Cyberspace of future. Abstract business 3D illustration, shallow depth of field

The Romanian DPA sanctions a natural person and a market research company

Recently, the Romanian Data Protection Authority (ANSPDCP) announced two new sanctions for GDPR violations. A company active in market research – fined for multiple GDPR breaches Following complaints from two European supervisory authorities, the ANSPDCP investigated a Romanian-based company active in the field of market research. The investigation revealed several shortcomings - failure to …

ARTICLES

Digital graphs and hexagon grids with abstract high speed technology POV motion blur

GDPR | 7-year anniversary. Romanian DPA Publishes 2025 Q1 Enforcement Update

Authors: Iurie Cojocaru, Mihai Rotaru

As the EU General Data Protection Regulation (GDPR) marked its seventh anniversary on May 25, 2025, the Romanian DPA has released a short-form activity update covering the first four months of the year. The figures offer a snapshot of enforcement trends, complaint pattern…

Cyber security and information network protection. Future technology network for business and internet concept. Earth element furnished by Nasa

GDPR | 7-year anniversary. Our top picks of past and upcoming judgements of the Court of Justice of the European Union

Authors: Iurie Cojocaru, Oana Stefan, Diana Albu

Our top judgements of the Court of Justice of the European Union (26 MAY 2024 – 25 MAY 2025) 1. Judgement in the Case C-621/22 - Koninklijke Nederlandse Lawn Tennisbond What the Court mainly said: According to the CJEU, a purely commercial interes…

Abstract digital data background. Wave with moving dots. Musical stream of sounds. 3D .

Romanian DPA Report – A Year in Review – 2023

Author: Iurie Cojocaru, Mihai Rotaru

Romanian DPA case studies – our top 5 picks 1. Unlawful disclosure of a photo Case study: A doctor complained to the Romanian DPA that the public hospital where she is employed published her personal data without her consent. The hospital (acting as controller) published…

This technology-inspired data abstract background is perfect for capturing the essence of the internet's vast expanse of information.

NNDKP organized a webinar on the EU AI Act

On 28 May 2024, NNDKP organized the EU AI Act: First steps towards compliance webinar which focused on the legal updates introduced by the new regulation. Together with the participants, our colleagues, Iurie Cojocaru, Partner and Head of the Data Protection Practice, and Madalina Vasile, Managing Associate in the same practice, discussed about the legal provisions of the EU AI Act which compan…

Iurie Cojocaru – speaker at the „GDPR – Data Privacy Observer 2024” conference

On January 25, Iurie Cojocaru, Partner and Head of the Data Protection Practice, was a speaker at the „GDPR – Data Privacy Observer 2024” conference. Iurie Cojocaru talked in the conference`s first session of discussions and shared information on the personal data protection requirements resulting from the EU`s Data Act, recently entered into force. Moreover, the third edition of the Romanian R…

NNDKP organized an event dedicated to data protection

On Tuesday, November 21, NNDKP`s Data Protection practice organized an event focused on current issues in the field of data protection and security, an information and debate opportunity dedicated to clients. In an interactive discussion framework, the participants discussed topics of interest with NNDKP`s data protection team members and analyzed various situations encountered in practice, fac…

Dismissal of the data protection officer

Minimum data protection checklist on future law on whistleblowing protection

Introducing NIS 2 – main things to know and follow