Skip to main content

While preparing for the GDPR – Romania's perspective

Adelina Iftime-Blagean (RO), Partner of EuroCloud CPC Network

Data protection becomes hotter and hotter. Years ago a rather low tier area of law and practice, data protection is now being perceived as one of the coolest area to be within. High fines raise awareness and interest from the business environment. The Data Protection Authority is the new Competition Council, empowered to calculate and apply fines at the level of global revenues of an organization.

Everybody is passionate about getting at least some information about GDPR. While the GDPR entered into force in May 2016, it is only starting 2017 that all stakeholders included the topic on their agenda and budgets. Now every Tom, Dick, and Harry is organizing events on GDPR readiness: media, IT companies, law firms and other consultants. The authority is invited and graciously accepts such invitations.

IT companies seem already prepared to deliver their technical input through applications, programs and gap analysis services. Companies controlling and processing personal data in any form and/or capacity may give the impression however of being slightly lost or lacking project management or GDPR granularity. That is why multi-disciplinary consortia and collaborations are being initiated, data protection officers are searched for within organizations or externally and GDPR impact is being considered. The Data Protection Authority is at its turn preparing and learning and appears rather empathic with controllers and processors and sensitive to their concerns. A grace period even following the entrance into effectiveness of the GDPR looks slightly implicit and accepted, at least for the time being.

Traditionally, Romania was typically more formalistic in terms of processes and procedures than its peers within the EU. For instance, currently still, transfers to third countries outside the EU, the EEA, as well as to countries considered as not offering an adequate level of protection, require in all instances at least the prior notification, if not the authorization of the Data Protection Authority, even if the consent of data subjects is being obtained, respectively standard clauses are in place. The Data Protection Authority reviews and assesses the transfer underlying documentation and the transfer cannot be implemented until the Data Protection Authority approves such transfer. From a timing perspective, this process may take 2-3 months. The change of perspective under the GDPR is therefore even more interesting and welcome in Romania. 


Article published by:

Adelina Iftime-Blagean

Cloud Privacy Check (CPC). Data Privacy Compliance in the Cloud Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.


About Us

EuroCloud is an independent non-profit organization and consists of a two-tier setup where organisations form all European countries can apply to participate in as long as they respect the EuroCloud Statutes.

To act as a true European player, all programs that are developed are intended to be European activities. These European programs are the strength of EuroCloud as a whole. Respect to local cultures along with the will to promote a real European spirit.