The Romanian DPA has levied cumulative fines amounting to EUR 7,000 against a major retail chain for several breaches of the GDPR.
The fines were imposed following multiple data breach notifications and subsequent investigations that exposed significant lapses in the retail chain's data protection measures, resulting in unauthorized access and disclosure of personal data.
Details of the Brea…
The Romanian National Cyber Security Directorate (DNSC) has published the draft law on the transposition of the Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the EU (NIS2 Directive).
According to the NIS2 Directive, all EU Member States, including Romania, must adopt the measures to comply with this Directive by 17 October 2024. This means that the Romania…
On 1 August 2024, the Artificial Intelligence Act (AI Act) enters into force as Regulation (EU) 2024/1689.
This entry into force comes 20 days from the date of publication of the regulation in the Official Journal of the European Union.
The text of the AI Act is available here.
The regulation will mainly become applicable 2 years as of the entry into force, with certain exceptions.
Amo…
It is hard to regulate technology. One of the reasons, amongst many others, is time. What you regulate today does not correspond to the technical landscape of tomorrow. Back in the first decade of 2000, when the ePrivacy Directive was adopted and amended, the European legislator did n…
Romanian DPA case studies – our top 5 picks
1. Refusal to provide the contractual clauses which represent the safeguard for the data transfer to a third country
Case study: A data subject complained about the refusal of a financial banking institution to provide him with…
As we all know, “personal data” represents information related to an identified or identifiable natural person.
So how do you identify someone? By name or through an image, one would answer. But what happens when we do not know the name and the image of the person but we are able to …
On 28 May 2024, NNDKP organized the EU AI Act: First steps towards compliance webinar which focused on the legal updates introduced by the new regulation.
Together with the participants, our colleagues, Iurie Cojocaru, Partner and Head of the Data Protection Practice, and Madalina Vasile, Managing Associate in the same practice, discussed about the legal provisions of the EU AI Act which compan…
On January 25, Iurie Cojocaru, Partner and Head of the Data Protection Practice, was a speaker at the „GDPR – Data Privacy Observer 2024” conference. Iurie Cojocaru talked in the conference`s first session of discussions and shared information on the personal data protection requirements resulting from the EU`s Data Act, recently entered into force.
Moreover, the third edition of the Romanian R…
On Tuesday, November 21, NNDKP`s Data Protection practice organized an event focused on current issues in the field of data protection and security, an information and debate opportunity dedicated to clients.
In an interactive discussion framework, the participants discussed topics of interest with NNDKP`s data protection team members and analyzed various situations encountered in practice, fac…