IN THE SPOTLIGHT

Cybersecurity and information or network protection. Future cyber technology web services for business and internet project

An automotive manufacturing company fined for inadequate data security measures

On January 19, 2026, the Romanian DPA concluded an investigation into an automotive manufacturing company. The DPA found that the company had violated its obligation concerning the principles relating to processing of personal data and the security of processing. As a result, the DPA issued two administrative fines amounting to RON equivalent of EUR 5,000 and EUR 10,000 respectively. The invest…
Cyber security safe encrypted digital data networks for secure global information technology - Conceptual 3D illustration rendering

A gambling company fined for failing to properly respond to data access requests

On December 10, 2025, the Romanian DPA concluded an investigation into a gambling company. The DPA found that the company had violated its obligation on data subject rights, particularly, the obligations regarding the right of access, and consequently issued an administrative fine amounting to RON equivalent of EUR 15,000. The investigation was initiated following a complaint from a data subjec…
Big Data concept. Digital neural network. Introduction of artificial intelligence. Cyberspace of future. Abstract business 3D illustration, shallow depth of field

Chartered accountant fined for inadequate data security measures

On November 27, 2025, the Romanian DPA wrapped up an investigation into a data controller operating in the capacity of a chartered accountant. The DPA found that the controller had violated Article 32(1)(b) and Article 32(2) of the GDPR and, consequently, the controller received an administrative fine amounting to RON equivalent to EUR 2,000. The investigation was launched after the controller …

ARTICLES

Abstract digital data background. Wave with moving dots. Musical stream of sounds. 3D .

Romanian DPA Report – A Year in Review – 2024

Authors: Iurie Cojocaru, Diana Albu
Romanian DPA case studies – our top 5 picks 1. Refusal to provide actual call recording and provision of transcript only Case study: A customer filed a complaint with the Romanian DPA, claiming that a mobile phone company had denied her right of access by refusing to prov…
Digital graphs and hexagon grids with abstract high speed technology POV motion blur

GDPR | 7-year anniversary. Romanian DPA Publishes 2025 Q1 Enforcement Update

Authors: Iurie Cojocaru, Mihai Rotaru
As the EU General Data Protection Regulation (GDPR) marked its seventh anniversary on May 25, 2025, the Romanian DPA has released a short-form activity update covering the first four months of the year. The figures offer a snapshot of enforcement trends, complaint pattern…

Speaking engagements

Big Data concept. Digital neural network. Introduction of artificial intelligence. Cyberspace of future. Abstract business 3D illustration, shallow depth of field

Iurie Cojocaru – speaker at the GDPR Data Privacy Observer 2026 conference

On January 22, Iurie Cojocaru, Partner and Head of the Data Protection practice, was a speaker at the 5th edition of the GDPR Data Privacy Observer 2026 conference. Iurie joined the discussions in the first panel of the event and talked about the impact of the Omnibus package on data protection. On the same day, the 5th edition of the Awards Gala of the Romanian Magazine for the Protection a…
This technology-inspired data abstract background is perfect for capturing the essence of the internet's vast expanse of information.

Iurie Cojocaru – speaker at a webinar organized by IAPP

On June 4, Iurie Cojocaru, Partner and Head of NNDKP`s Data Protection practice, was a speaker at a webinar on GDPR Compliance: Key Lessons and Evolving Challenges Seven Years On,  organized by the International Association of Privacy Professionals (IAPP) on the IAPP KnowledgeNet platform. Together with Andreea Lisievici Nevin, Managing Partner, ICTLC Sweden, Iurie dove into the main challenges…
Big Data concept. Digital neural network. Introduction of artificial intelligence. Cyberspace of future. Abstract business 3D illustration, shallow depth of field

Iurie Cojocaru – speaker at an online debate organized by Juridice.ro

On May 5, Iurie Cojocaru, Partner and Head of the Data Protection practice, was a speaker at the online debate Artificial intelligence under the spotlight: AI regulation – from obligations in 2025 to full compliance in 2026, organized by Juridice.ro. The debate was be live on Juridice.ro.

Statistics

Enforcement statistics in Romania November 2025

based on the press releases published by the Romanian supervisory authority on its website in that month

Number of fines 10
Highest fine 8,000 €
Lowest fine 1,000 €
Total amount of fines 29,000 €
Number of corrective measures 10
Number of fines triggered by data breach notifications 4
Number of fines triggered by complaints 7
Legal provisions mentioned in press releases Article 5 (1) a), c) and e), Article 6 (1), Article 7, Article 12 (3) and (4), Article 15, Article 17, Article 21, Article 25 (1) and (2), Article 32 (1) b), d), and (2)