Romania
Decision No. 133 of 3 July 2018 approving the Procedure for the receipt and settlement of complaints Decision No. 161 of 9 October 2018 approving the Procedure for conducting investigations Decision No 174 of 18 October 2018 on the list of operations for which it is obligatory to carry out a personal data protection impact assessment Relevant for the interpretation of GDPR concepts at the national level is the general guidance (including guidelines, recommendations, and best practices) issued by the European Data Protection Board (EDPB), which serves to clarify the core notions of the GDPR and promote a consistent understanding of EU data protection law. This guidance is routinely followed by the Romanian Data Protection Authority (ANSPDCP) when responding to requests for opinions submitted by controllers and processors from both the public and private sectors, as well as by other entities and individuals, on various aspects concerning the application of the GDPR and related regulatory frameworks. In this context, a notable development is the adoption by the EDPB, at its June 2025 plenary session, of Guidelines No. 2/2024 on Article 48 GDPR, addressing data transfers to third countries, in their final form.
From perspective, enforcement activity by the ANSPDCP in 2024 focused on online operators in the retail sector, largely in response to complaints from data subjects. Key compliance failures included the use of non-essential cookies without prior consent and the processing of personal data— such as telephone numbers—for direct marketing without a valid legal basis under Article 6(1)(a) GDPR. Sanctions ranged between RON 20,000 and RON 75,000 a practical (approximately EUR 4,000–15,000), typically accompanied by corrective measures, such as the reconfiguration of cookie consent mechanisms. 2.3. Upcoming or proposed legislation (if applicable) There is no upcoming or proposed legislation in Romania. Scope of Application 3.1. Legislative Scope As per the GDPR. 3.1.1. Definition of personal data As per the GDPR. 3.1.2. Definition of different categories of personal data As per the GDPR. 3.1.3. Treatment of data and its different categories
www.peterkapartners.com/e n/local/bucharest/
Made with FlippingBook - PDF hosting