Laura Agatinei, Author at NNDKP Privacy Out Loud

Enforcement statistics in Romania May 2026

based on the press releases published by the Romanian supervisory authority on its website in that month

-                                        Number of fines
-                                        Highest fine
+,000 €
-                                        Lowest fine
+,000 €
-                                        Total amount of fines
+,000 €
-                                        Number of corrective measures
-                                        Number of fines triggered by data breach notifications
-                                        Number of fines triggered by complaints
-                                        Legal provisions mentioned in press releases
+                                        Article 32 (1) b), (2), (4) and Article 33 (1)

NNDKP’s Data Protection and Privacy practice has been providing expert advice on virtually all aspects related to this field, as a stand-alone group, since 2008. Our experienced team is one of the most awarded on the local market. It received the distinction of “Best law firm for Data Protection in Romania” in 2021 and 2019 at the Romanian Legal Awards Gala by Legal Marketing and the “Legal Innovation award for Data Protection in Romania” in 2018 by The Times, Legal Marketing.

Iurie Cojocaru

Partner, Head of the Data Protection practice

View profile on NNDKP

Tags:Data breachData ProtectionGDPR fine

AdobeStock_469644365 [Converted]

Controller sanctioned for inadequate security measures and failure to notify the data breach within the statutory time limit

On May 29, 2026, the Romanian DPA concluded an investigation into a banking and financial services c…

Tags:Data ProtectionGDPR fineUnlawful processing

Basic RGB

Gambling company sanctioned for unlawful processing and failure to verify data accuracy

On April 28, 2026, the Romanian DPA concluded an investigation into a gambling company. The DPA foun…

Tags:Court caseData breachData Protection

Cyber security safe encrypted digital data networks for secure global information technology - Conceptual 3D illustration rendering

Bucharest Tribunal confirms DPA sanction for unlawful disclosure of personal data

On March 16, 2026, the Bucharest Tribunal dismissed a complaint from a company in the oil and gas se…

Tags:Court caseData breachData Protection

AdobeStock_295690916 [Converted]

Suceava Tribunal confirms DPA sanction for unlawful disclosure of personal data and failure to notify the data breach

On February 19, 2026, the Suceava Tribunal dismissed a complaint from a company in the tourism secto…

Tags:Data breachData ProtectionGDPR fine

Big Data concept. Digital neural network. Introduction of artificial intelligence. Cyberspace of future. Abstract business 3D illustration, shallow depth of field

Energy-sector controller fined for inadequate security measures

On October 9, 2025, the Romanian DPA announced the conclusion of an investigation concerning a contr…

Tags:AIAI ActAI Systems

AdobeStock_242262576

From Governance to Enforcement: What Applies Under the AI Act as of August 2025

On 2 August 2025, a new set of provisions under Regulation (EU) 2024/1689 on Artificial Intelligence…

Tags:Cyber securityDNSCNIS2

Cyber security safe encrypted digital data networks for secure global information technology - Conceptual 3D illustration rendering

Law 124/2025 approves with amendments the NIS2-transposing ordinance in Romania

On 7 July 2025, Law No. 124/2025 was published in the Official Gazette of Romania, approving Governm…

Tags:ANSPDCPData ProtectionData Subject Rights

Cyber security safe encrypted digital data networks for secure global information technology - Conceptual 3D illustration rendering

Romanian DPA fines controller with EUR 3000 following multiple GDPR breaches

On 26 June 2025, the Romanian DPA announced new sanctions, consisting of 2 fines of 2000 EUR and 100…

Tags:DPAfinegdpr

AdobeStock_242262576

Failure to respond to authority requests for information sanctioned by the Romanian DPA

Lately, the Romanian DPA announced two new sanctions for violation of GDPR article 58. A natural …

Tags:Court casefinegdpr

Cyber security safe encrypted digital data networks for secure global information technology - Conceptual 3D illustration rendering

Court partially overturns GDPR sanctions applied in the context of GPS monitoring

A recent court case involving a Romanian data controller and the Romanian Data Protection Authority …

1 2 3 … 43

Statistics