Support Centre

Romania

Summary

Law: Law No. 190/2018 Implementing the General Data Protection Regulation (Regulation (EU) 2016/679) (the Law) and the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR)

Regulator: National Supervisory Authority for Personal Data Processing (ANSPDCP)

Summary: The GDPR was implemented in Romania in 2018 through the Law No. 190/2018 Implementing the General Data Protection Regulation (Regulation (EU) 2016/679) (the Law). The Law is relatively comprehensive and includes, in particular, detailed provisions on the processing of data for journalistic purposes or academic or artistic expressions, on certification bodies, and on corrective measures and sanctions for both private and public bodies. Under the Law, the National Supervisory Authority for Personal Data Processing (ANSPDCP) is the competent supervisory authority for data protection matters. The ANSPDCP is an active regulator that has released a dedicated GDPR resource center for organizations, has issued fines and guides concerning the GDPR.