Five years of GDPR: An overview of GDPR implementation

Back to All Thought Leadership

As May 2023 marks the fifth anniversary of the implementation of GDPR[1], we have prepared an overview of the five years of regulatory struggle in Romania since the regulation came into effect. By examining the value of the sanctions and the types of violations, we can identify some regulatory trends of the local practice.

Statistics on fines

In the first year of GDPR (i.e., May 2018–May 2019), the Romanian Data Protection Authority (“the Authority”) did not issue any fines, but only recommendations[2], even if a significant number of ex-officio investigations were performed (namely 336). This was a year of accommodation.

In the following years (May 2019–end of 2021), the Authority continued to carry out ex-officio investigations, with an average of 385 investigations per year, issuing an average of 14 fines per year.

In particular, in 2020 the Authority carried out the highest number of ex-officio investigations (i.e., 398)[3] while in 2021 the Authority applied the highest number of fines… Read more

Sign In

[login_form] Lost Password