Data Protection Law (GDPR)

Personal data protection law governs the manner in which organizations collect, process, store, and transfer the personal data of natural persons.

What services do we provide in the field of data protection law (GDPR)?

In the European Union, this field is governed by the General Data Protection Regulation (GDPR – Regulation (EU) 2016/679), which is directly applicable in all Member States, including Romania.
 

GDPR compliance audit

Assessment of data processing activities within the company. Identification of risks and non-compliance issues. Preparation of the audit report and tailored recommendations.

Drafting and updating GDPR documentation

Privacy policies, terms and conditions. Notices and consent forms for clients, employees, and collaborators. Data processing agreements (DPAs) and internal procedures.

Consultancy regarding data subjects’ rights

Responses to requests for access, rectification, and erasure (the right to be forgotten). Management of requests regarding data portability or objection to processing. Assistance in cases involving complaints filed with the supervisory authority (ANSPDCP).

Assistance for employers regarding the protection of employees’ personal data

Assessment of the legal grounds for data processing in employment relationships. Video surveillance, timekeeping systems, access control, and monitoring systems. Consent forms, internal policies, and staff training.

International compliance and data transfers outside the EU

Assistance regarding transfers to third countries (the United States, Asia, etc.). Verification of the legal bases for international data transfers.

Representation before the ANSPDCP and before the courts

Assistance in investigations conducted by the data protection authority. Challenges to fines and administrative sanctions. Legal representation in litigation concerning data subjects’ rights.

Frequently asked questions about Personal Data Protection (GDPR)

Below are some of the most frequently asked questions we receive from our clients regarding financial and banking law. For any additional questions, please do not hesitate to contact us.
01

What does ‘personal data’ mean?

Personal data are any information that can lead to the identification of a natural person, such as name, personal identification number, email address, IP address, location data, biometric data, voice, image, etc. Even a customer code or an internal ID may be considered ‘personal data’ if it can be associated with an individual.

02

Is it mandatory to implement GDPR if we do not process sensitive data?

Yes. The GDPR applies to any data controller that processes personal data, not only to those that collect sensitive data. Seemingly innocuous data, such as an email address or a telephone number, also fall within its scope.

03

What rights does a data subject have under the GDPR?

Individuals have several rights:

  • the right of access to personal data,
  • the right to rectification,
  • the right to erasure (‘the right to be forgotten’),
  • the right to data portability,
  • the right to object,
  • the right not to be subject to automated decision-making.

The data controller is required to respond to such requests within a maximum of 30 days.

04

What must a GDPR-compliant privacy policy contain?

It must include: the identity of the data controller, the purposes of processing, the legal grounds, the recipients of the data, the retention period, the rights of data subjects, and information on international data transfers. The text must be clear, concise, and easy to understand.

05

Do we need to have internal GDPR policies even if we are a small company?

Yes. Regardless of size, any company that processes personal data must comply with the GDPR requirements. This entails having internal policies, compliance documentation, a record of processing activities, and appropriate technical and organizational measures.

Comprehensive legal services
With 18 years of experience, we deliver reliable and effective legal solutions for a wide range of legal challenges, including intellectual property, public procurement, business law, and beyond.