Romania
Regulation of personal and non- personal data: As per the GDPR. Regulation of electronic and non- electronic data: As per the GDPR. Specific Romanian regulations Three situations of data processing are regulated separately from the provisions of the GDPR, namely: Processing a national identification number The processing of a national identification number, along with the collection or disclosure of documents containing it, must adhere to specific safeguards implemented by the controller. These safeguards include: a) Implementation of Appropriate Technical and Organizational Measures: The controller must establish and apply suitable technical and organizational measures. These measures serve to ensure compliance with the principle of data minimization, as well as to guarantee the security and confidentiality of the personal data processing. b) Appointment of a Data Protection Officer (DPO): The controller is required to appoint a Data Protection Officer, responsible for overseeing and advising on compliance with data protection regulations. c) Establishment of Storage Periods : The controller should define storage
p eriods based on the nature of the data and the purpose of processing. Additionally, specific timeframes must be set for the deletion, or review for deletion, of personal data. d)Regular Training: Persons involved in processing personal data under the direct authority of the controller or processor must undergo regular training. This training aims to ensure a comprehensive understanding of Processing of personal data in the context of employment relationships Where monitoring systems by means of electronic communications and/or video surveillance are used at the workplace, the processing of personal data of employees for the purpose of the legitimate interests pursued by the employer is only permitted if the following conditions are met: a) Balancing of Interests: The legitimate interests pursued by the employer must be duly justified, and these interests must outweigh the interests, rights, and freedoms of the data subjects (employees). b) Full and Explicit Prior Information: The employer is required to provide employees with comprehensive and explicit information before initiating the monitoring systems. This ensures transparency regarding the purpose and scope of the data processing.
www.peterkapartners.com/e n/local/bucharest/
Made with FlippingBook - PDF hosting