On 25 July 2022, the Romanian DPA issued a press release on the publication of the Annual Report for 2021.
The Report covers the presentation of the activity of the Romanian DPA for 2021, as well as certain statistics, including graphics compared to previous years. Also, it includes case studies from its activity, as well as its most relevant points of view.
In a nutshell, the key numbers for the Romanian DPA’s activities performed in 2021 include:
A. Statistics on complaints, notices (Romanian: sesizări) and data breach notifications
- 4634 complaints received;
- based on them, 319 investigations were opened, resulting in:
- 15 fines, out of which 14 fines based on GDPR (totally amounting to RON 141,530.1 – equivalent of EUR 28,700) and one fine based on ePrivacy Law 506/2004 (amounting to RON 10,000);
- 71 warnings;
- 40 corrective measures;
- 171 notices and 201 data breach notifications received;
- based on them, 372 investigations were opened, resulting in:
- 21 fines totally amounting to EUR 46,750;
- 22 warnings;
- 16 corrective measures;
- 1 admonishment.
- in total: 5,006 complaints, notices and data breach notifications received;
- based on them, 691 investigations were opened, resulting in:
- 36 fines totally amounting to RON 371,131.95;
- 93 warnings;
- 56 corrective measures;
- 1 admonishment.
B. Other statistics:
- 941 requests received for points of view on matters related to the protection of personal data;
- 68 legislative drafts on which Romanian DPA issued its notice;
- 26 cases pending before the Court of Justice of European Union in which Romanian DPA has issued its opinion;
- 152 files pending in court dealt by Romanian DPA, out of which:
- 25 new claims;
- 6 claims against acknowledging/sanctioning minutes of Romanian DPA;
- 15 preliminary complaints received by Romanian DPA from persons unsatisfied by the answer of this authority; in the context of the administrative dispute resolution procedure (8 of such preliminary complaints were accepted);
- 40 requests received and analyzed by Romanian DPA from multinational companies for the approval of binding corporate rules (BCRs).