On 30 December 2024, the Romanian Government adopted the Government Emergency Ordinance (GEO) 155/2024 which transposes the NIS2 Directive.
The GEO 155/2024 was published in the Official Gazette and entered into force with its most provisions on 31 December 2024.
According to the transitory norms of such enactment, some of its provisions will enter into force at a later day (for example, the…
On 12 December 2024, the Romanian DPA announced a fine of the RON equivalent of EUR 4,000 imposed on a controller offering public transport services for violation of the GDPR. The violations pertained to the controller’s excessive monitoring of its employees.
The fine was applied following an investigation triggered by a complaint stating that the controller installed in its vehicles audio-vide…
In October 2024, the Romanian DPA concluded an investigation into a healthcare sector controller for data protection violations and found multiple non-compliances.
The controller was fined for breaching Article 13 paragraph (1) letter i) of Law No. 506/2004, which addresses the protection of private life in electronic communications and articles 12-14 of the GDPR.
The investigation was initi…
Romanian DPA case studies – our top 5 picks
1. Unlawful disclosure of a photo
Case study: A doctor complained to the Romanian DPA that the public hospital where she is employed published her personal data without her consent. The hospital (acting as controller) published…
It is hard to regulate technology. One of the reasons, amongst many others, is time. What you regulate today does not correspond to the technical landscape of tomorrow. Back in the first decade of 2000, when the ePrivacy Directive was adopted and amended, the European legislator did not…
Romanian DPA case studies – our top 5 picks
1. Refusal to provide the contractual clauses which represent the safeguard for the data transfer to a third country
Case study: A data subject complained about the refusal of a financial banking institution to provide him with…
On 28 May 2024, NNDKP organized the EU AI Act: First steps towards compliance webinar which focused on the legal updates introduced by the new regulation.
Together with the participants, our colleagues, Iurie Cojocaru, Partner and Head of the Data Protection Practice, and Madalina Vasile, Managing Associate in the same practice, discussed about the legal provisions of the EU AI Act which compan…
On January 25, Iurie Cojocaru, Partner and Head of the Data Protection Practice, was a speaker at the „GDPR – Data Privacy Observer 2024” conference. Iurie Cojocaru talked in the conference`s first session of discussions and shared information on the personal data protection requirements resulting from the EU`s Data Act, recently entered into force.
Moreover, the third edition of the Romanian R…
On Tuesday, November 21, NNDKP`s Data Protection practice organized an event focused on current issues in the field of data protection and security, an information and debate opportunity dedicated to clients.
In an interactive discussion framework, the participants discussed topics of interest with NNDKP`s data protection team members and analyzed various situations encountered in practice, fac…