On 7 July 2025, Law No. 124/2025 was published in the Official Gazette of Romania, approving Government Emergency Ordinance No. 155/2024 on establishing a framework for the cybersecurity of networks and information systems in the national civil cyberspace (Ordinance), which transposes the EU NIS2 Directive. This law introduced several amendments to the Ordinance, among which the most relevant are …
On 27 June 2025, the Romanian DPA announced a fine of the RON equivalent of 4000 EUR imposed against a controller operating in the construction industry for violation of the Romanian ePrivacy Law.
The sanction was applied following an investigation triggered by a complaint submitted by a natural person alleging possible breach of GDPR by an online shop.
Further to the investigation, the Roma…
On 26 June 2025, the Romanian DPA announced new sanctions, consisting of 2 fines of 2000 EUR and 1000 EUR respectively and a reprimand, imposed for a controller active in the customized consumer goods sector for several violations of the GDPR.
The sanctions were applied following an investigation triggered by a complaint submitted by a natural person alleging possible violations of personal dat…
As the EU General Data Protection Regulation (GDPR) marked its seventh anniversary on May 25, 2025, the Romanian DPA has released a short-form activity update covering the first four months of the year. The figures offer a snapshot of enforcement trends, complaint pattern…
Our top judgements of the Court of Justice of the European Union
(26 MAY 2024 – 25 MAY 2025)
1. Judgement in the Case C-621/22 - Koninklijke Nederlandse Lawn Tennisbond
What the Court mainly said: According to the CJEU, a purely commercial interes…
Romanian DPA case studies – our top 5 picks
1. Unlawful disclosure of a photo
Case study: A doctor complained to the Romanian DPA that the public hospital where she is employed published her personal data without her consent. The hospital (acting as controller) published…
On 28 May 2024, NNDKP organized the EU AI Act: First steps towards compliance webinar which focused on the legal updates introduced by the new regulation.
Together with the participants, our colleagues, Iurie Cojocaru, Partner and Head of the Data Protection Practice, and Madalina Vasile, Managing Associate in the same practice, discussed about the legal provisions of the EU AI Act which compan…
On January 25, Iurie Cojocaru, Partner and Head of the Data Protection Practice, was a speaker at the „GDPR – Data Privacy Observer 2024” conference. Iurie Cojocaru talked in the conference`s first session of discussions and shared information on the personal data protection requirements resulting from the EU`s Data Act, recently entered into force.
Moreover, the third edition of the Romanian R…
On Tuesday, November 21, NNDKP`s Data Protection practice organized an event focused on current issues in the field of data protection and security, an information and debate opportunity dedicated to clients.
In an interactive discussion framework, the participants discussed topics of interest with NNDKP`s data protection team members and analyzed various situations encountered in practice, fac…