On 2 September 2024, the Romanian DPA announced that it had imposed a fine of €2,000 and issued two warnings against a major data controller in the construction and infrastructure sector for breaching the GDPR.
The sanctions were imposed following an investigation launched after receiving several complaints from a data subject, an employee of the data controller, who complained about being moni…
The deadline for the implementation of the NIS2 Directive is fast approaching on 17 October 2024.
NIS2 Directive aims to achieve a high common level of cybersecurity across the European Union, expanding the scope of cyber security regulation to cover many more sectors and entities and setting out incident notification obligations for in-scope entities, risk management requirements and significa…
On 16 September 2024, the Romanian DPA announced fines totaling the RON equivalent of EUR 4,000 imposed against two controllers in the IT and Telecom sectors for violation of the GDPR. The violations pertained to the controllers' failure to respond to data subject requests.
Further to the investigation activities, the Romanian DPA found that the controllers did not provide the data subjects wit…
It is hard to regulate technology. One of the reasons, amongst many others, is time. What you regulate today does not correspond to the technical landscape of tomorrow. Back in the first decade of 2000, when the ePrivacy Directive was adopted and amended, the European legislator did n…
Romanian DPA case studies – our top 5 picks
1. Refusal to provide the contractual clauses which represent the safeguard for the data transfer to a third country
Case study: A data subject complained about the refusal of a financial banking institution to provide him with…
As we all know, “personal data” represents information related to an identified or identifiable natural person.
So how do you identify someone? By name or through an image, one would answer. But what happens when we do not know the name and the image of the person but we are able to …
On 28 May 2024, NNDKP organized the EU AI Act: First steps towards compliance webinar which focused on the legal updates introduced by the new regulation.
Together with the participants, our colleagues, Iurie Cojocaru, Partner and Head of the Data Protection Practice, and Madalina Vasile, Managing Associate in the same practice, discussed about the legal provisions of the EU AI Act which compan…
On January 25, Iurie Cojocaru, Partner and Head of the Data Protection Practice, was a speaker at the „GDPR – Data Privacy Observer 2024” conference. Iurie Cojocaru talked in the conference`s first session of discussions and shared information on the personal data protection requirements resulting from the EU`s Data Act, recently entered into force.
Moreover, the third edition of the Romanian R…
On Tuesday, November 21, NNDKP`s Data Protection practice organized an event focused on current issues in the field of data protection and security, an information and debate opportunity dedicated to clients.
In an interactive discussion framework, the participants discussed topics of interest with NNDKP`s data protection team members and analyzed various situations encountered in practice, fac…