IN THE SPOTLIGHT

Cybersecurity and information or network protection. Future cyber technology web services for business and internet project

Processor sanctioned for inadequate security measures leading to unlawful disclosure of personal data

On June 15, 2026, the Romanian DPA concluded an investigation into a company operating in the private security sector. The DPA found that the company had failed to ensure that individuals acting under its authority processed personal data only on its instructions and to implement appropriate measures to ensure an adequate level of security. As a result, the DPA issued an administrative fine amount…
AdobeStock_469644365 [Converted]

Controller sanctioned for inadequate security measures and failure to notify the data breach within the statutory time limit

On May 29, 2026, the Romanian DPA concluded an investigation into a banking and financial services company. The DPA found that the company had violated its obligation to implement appropriate safeguards ensuring that any natural person acting under the authority of the controller or the processor and having access to personal data processes such data only on the controller’s instructions, taking i…
This technology-inspired data abstract background is perfect for capturing the essence of the internet's vast expanse of information.

Bucharest Court of Appeal partially overturns GDPR sanction by annulling corrective measure

A recent data protection-related court case involving a Romanian data controller challenging GDPR-related sanctions and corrective measures resulted in a partially favorable outcome for the company. While the court upheld the fine imposed for the GDPR infringements, it annulled the corrective measure requiring the erasure or destruction of personal data used as a means of identification. As bac…

ARTICLES

Abstract digital data background. Wave with moving dots. Musical stream of sounds. 3D .

Romanian DPA Report – A Year in Review – 2024

Authors: Iurie Cojocaru, Diana Albu
Romanian DPA case studies – our top 5 picks 1. Refusal to provide actual call recording and provision of transcript only Case study: A customer filed a complaint with the Romanian DPA, claiming that a mobile phone company had denied her right of access by refusing to prov…
Digital graphs and hexagon grids with abstract high speed technology POV motion blur

GDPR | 7-year anniversary. Romanian DPA Publishes 2025 Q1 Enforcement Update

Authors: Iurie Cojocaru, Mihai Rotaru
As the EU General Data Protection Regulation (GDPR) marked its seventh anniversary on May 25, 2025, the Romanian DPA has released a short-form activity update covering the first four months of the year. The figures offer a snapshot of enforcement trends, complaint pattern…

Speaking engagements

AdobeStock_469644365 [Converted]

Iurie Cojocaru attended the IAPP UK Intensive 2026 Conference

Between 23-26 February, Iurie Cojocaru, Partner and Head of the Data Protection practice attended the IAPP UK Intensive 2026, a premier gathering for professionals in the fields of privacy, artificial intelligence governance and digital responsibility. This year’s intensive showcased a broad spectrum of voices and perspectives and explored legislations, regulations, technology and operational p…
Cyber security and information network protection. Future technology network for business and internet concept. Earth element furnished by Nasa

Oana Stefan – speaker at an online debate organized by Juridice.ro

On February 9, our colleague, Oana Stefan, Associate in the Data Protection practice, was a speaker at the online debate “Online platforms, all eyes and ears. At GDPR”, organized by Juridice.ro. The debate was live on Juridice.ro. More details about the event and speakers are available here.
AdobeStock_469644365 [Converted]

Iurie Cojocaru – speaker at the GDPR Data Privacy Observer 2026 conference

On January 22, Iurie Cojocaru, Partner and Head of the Data Protection practice, was a speaker at the 5th edition of the GDPR Data Privacy Observer 2026 conference. Iurie joined the discussions in the first panel of the event and talked about the impact of the Omnibus package on data protection. Also, during the fifth edition Awards Gala organized by the Romanian Magazine for the Protection …

Statistics