Romania - Report on 2015 activity published by the Romanian Data Protection Authority

Published 28 June 2016

On 1 June, the Romanian Data Protection Authority ("RDPA") issued its 2015 annual report (the "Report"), which summarises the activity of the RDPA last year. In the Report, the RDPA highlighted that one of its key focusses had been increasing the intensity of monitoring and control measures in cases of complaint or referral. In addition, the Report also details investigations into data protection compliance initiated by the RDPA.

In terms of sanctions applied, the RDPA registered an overall increase in the value of fines compared to last year. Specifically, the Report shows that the fines for 2015 amounted to a total sum of RON 679,700 (approx. EUR 152,100), whereas the total sum in 2014 was only RON 282,200 (approx. EUR 63,200). Therefore, according to the Report, the fines level increased by 141%.

The breakdown of these fines were as follows:

• The fines applied as a consequence of complaints or referrals totalled RON 238,200 (approx EUR 53,300); and
• As far as the ex officio investigations are concerned, the RDPA carried out 106 control actions. The sanctions applied were 64 fines totalling RON 441,500 (approx. EUR 98,800) and 32 warnings.

Moreover, the Report emphasises one of the RDPA's main objectives, which is the protection of individual rights, which involves the RDPA resolving the complaints and referrals it receives. According to the Report, the majority of the complaints that were not able to be resolved were actually rejected because they did not follow the required preliminary legal procedure. However, the number of resolved petitions increased considerably in 2015, amounting to 1074 complaints and 175 referrals. From the RDPA's perspective, this is a good indicator of the fact that people trust the RDPA to take action if their rights are violated.

The increased fines and enforcement activity signals a slightly more hands-on approach by the RDPA. As such organisations would be well advised to ensure now their data processing activities in Romania are compliant with Romanian data protection law.

The Report can be accessed here (Romanian).

Submitted by Irina Garlasu, Iurie Cojocaru and Roxana Ionescu of Nestor Nestor Diculesco Kingston Petersen – Bucharest, Romania