Romania
The collective citation of these pieces of legislation used hereafter will be "Romanian Data Protection Acts". Law 129/2018, completing Law No 102/005 on the establishment, organization, and functioning of the National Supervisory Authority for Personal Data Processing repealed the previous laws, Law 667/2001 for the protection of individuals in regards to Personal Data Processing and the free circulation of such data, which regulated the data protection in Romania before the enactment of the GDPR. In Romania, the following pieces of sectoral-specific legislation impact data protection: Law No. 146/2021 on electronic monitoring in judicial and executive criminal proceedings Law No 363/2018 on the protection of individuals concerning the processing of personal data by the competent authorities for the purpose of preventing, detecting, investigating, prosecuting, and combating criminal offences, or the execution of penalties, educational and security measures, and on the free movement of such data. Law No 506/2004 on the processing of personal data and the protection of privacy in electronic communications.
Please note that this Guide does not cover these laws, but instead focuses on the general rules applicable to Data Protection in Romania, highlighting, whenever applicable, the derogations as contained in Law 190/2018, which are permitted under the GDPR. 2.2. Additional or ancillary regulation, directives, or norms The National Authority for the Supervision of Data Processing (ANSPDCP) is the Romanian supervisory authority that is responsible for monitoring the application of the GDPR, and has functions and powers related to the regulation of data processing, monitoring the fulfilment of legal obligations by personal data controllers, and investigation of violations of data subjects' rights, ex officio or upon the receipt of a complaint or referral. In the exercise of its powers, the ANSPDCP shall issue binding decisions and instructions to public authorities and institutions, legal entities governed by private law, and any other bodies, as well as to natural persons whose activities fall within the scope of the legislation on the protection of individuals about the processing of personal data, hereinafter referred to as “entities”. Decisions and instructions of a regulatory nature are published in the Official Gazette of Romania. The applicable decisions are:
www.peterkapartners.com/e n/local/bucharest/
Made with FlippingBook - PDF hosting