ILN Data Privacy Paper

Romania

by Law 190/2018 is the principal data protection legislation in Romania. The collective citation of these pieces of legislation used hereafter will be “Romanian Data Protection Acts”. Law 129/2018 completing Law No 102/005 on the establishment, organization and functioning of the National Supervisory Authority for Personal Data Processing repealed the previous laws, Law 667/2001 for the protection of individuals in regards to Personal Data Processing and the free circulation of such data which regulated the data protection in Romania before the enactment of the GDPR. In Romania, the following pieces of sectoral-specific legislation impact data protection: Law No 146/2021 on electronic monitoring in judicial and executive criminal proceedings Law No 363/2018 on the protection of individuals with regard to the processing of personal data by competent authorities for the purpose of preventing, detecting, investigating, prosecuting and combating criminal offences or the execution of penalties, educational and security measures, and on the free movement of such data. Law No 506/2004 on the processing of personal data and the protection of privacy in the electronic communications sector

However, this Guide does not cover these laws, but instead focuses on the general rules applicable to Data Protection in Romania, highlighting, whenever applicable, the derogations as contained in Law 190/2018 which are permitted under the GDPR. 2.2. Additional or ancillary regulation, directives or norms The National Authority for the Supervision of Data Processing (ANSPDCP) is the Romanian supervisory authority that is responsible for monitoring the application of the GDPR, and has functions and powers related to the regulation of data processing, monitoring the fulfilment of legal obligations by personal data controllers, and investigation of violations of data subjects' rights, ex officio or upon the receipt of a complaint or referral. In the exercise of its powers, the ANSPDCP shall issue binding decisions and instructions to public authorities and institutions, legal entities governed by private law, and any other bodies, as well as to natural persons whose activities fall within the scope of the legislation on the protection of individuals with regard to the processing of personal data, hereinafter referred to as entities. Decisions and instructions of a regulatory nature are published in the Official Gazette of Romania. The applicable decisions are:

www.peterkapartners.com/e n/local/bucharest/

Made with FlippingBook - PDF hosting