A gambling company fined for failing to properly respond to data access requests
On December 10, 2025, the Romanian DPA concluded an investigation into a gambling company. The DPA f…
Chartered accountant fined for inadequate data security measures
On November 27, 2025, the Romanian DPA wrapped up an investigation into a data controller operating …
Energy-sector controller fined for inadequate security measures
On October 9, 2025, the Romanian DPA announced the conclusion of an investigation concerning a contr…
From Governance to Enforcement: What Applies Under the AI Act as of August 2025
On 2 August 2025, a new set of provisions under Regulation (EU) 2024/1689 on Artificial Intelligence…
Law 124/2025 approves with amendments the NIS2-transposing ordinance in Romania
On 7 July 2025, Law No. 124/2025 was published in the Official Gazette of Romania, approving Governm…
Romanian DPA fines controller with EUR 3000 following multiple GDPR breaches
On 26 June 2025, the Romanian DPA announced new sanctions, consisting of 2 fines of 2000 EUR and 100…
Failure to respond to authority requests for information sanctioned by the Romanian DPA
Lately, the Romanian DPA announced two new sanctions for violation of GDPR article 58.
A natural …
Court partially overturns GDPR sanctions applied in the context of GPS monitoring
A recent court case involving a Romanian data controller and the Romanian Data Protection Authority …
GDPR | 7-year anniversary. Romanian DPA Publishes 2025 Q1 Enforcement Update
Authors: Iurie Cojocaru, Mihai Rotaru
As the EU General Data Protection Regulation (GDPR) …![AdobeStock_295690916 [Converted]](https://privacyoutloud.ro/wp-content/uploads/2023/04/AdobeStock_295690916-Converted-710x355.jpg)
Romanian Cybersecurity Authority issues draft orders on NIS2 Notification and Risk Assessment
The Romanian Cybersecurity Authority (DNSC) has recently published some updates regarding the second…
