Data Privacy
Țuca Zbârcea & Asociații has developed an outstanding practice in the data privacy field. We have a robust specialised team always focused on finding innovative solutions and pragmatic approaches. Our assistance covers a wide range of business fields, such as technology, digital, media & telecommunications; banking, financial & insurance; energy & gas; e-commerce & retail; health & pharma; gambling & social games, etc.
Our Services
interpretation of the Romanian data privacy law in light of the EU legislation.
review of data processing/ data transfer agreements, internal policies addressed to companies’ employees and management/ rules regarding implementation of various HR tools, documents on whistle-blowing systems, questionnaires regarding Romanian data privacy legal framework (drafted and used in the context of implementation of various transactions/ projects), documents outlining use of cloud computing/ implementation of various IT services, drafting informative materials on rights granted by Romanian data privacy law to individuals whose data are being processed etc.
representing the clients in front of the local regulatory authority as regards the lodging of notifications on envisaged processing of personal data, submission of requests on issuance of authorisations of international transfer of personal data, as well as in connection with any other matters which fall under the National Supervisory Authority for Personal Data Processing (ANSPDCP).
Client Highlights
One of the biggest telecom carriers, conducting full-fledge GDPR audits, either regular audits or targeted ones to check the GDPR compliance degree in the context of a broader due diligence exercise; drafting privacy policy and various information notices; drafting and revising the internal GDPR documentation and policies; assisting in all data privacy matters in the context of various corporate reorganisations and acquisitions of businesses, including data privacy issues triggered by the integration of new businesses; advising on a wide range of data privacy matters related to their day-to-day business (e.g., addressing the data subjects’ requests, reviewing the contracts with suppliers, suppliers’ audit, etc.); assisting in relation to the local data protection authority (ANSPDCP), particularly as regards various filings, regulatory investigations, obtaining formal regulatory guidance, etc.
One of the biggest banks in Romania, for all typical phases to check and ensure GDPR compliance, from the preliminary audit phase to stream-based implementation phase, including conducting complex data privacy impact assessments (DPIAs) with regard to core use cases; assistance in connection with the implementation of a complex GDPR training program; assistance in connection with the legal aspects related to the use of cloud computing by financial institutions.
One of the leading energy and gas suppliers, for all typical phases to check and ensure GDPR compliance, from the preliminary audit phase to stream-based implementation phase with regard to core use cases; advising in the context of M&A transaction in respect to relevant GDPR key issues and strategy; advising in respect to safeguards to be implemented in the context of third country data transfers, with a focus on Schrems-II case; advising in respect to management of data subjects requests, security breaches and NIS requirements.
One of the leading worldwide ICT providers, for all typical phases to check and ensure GDPR compliance, from the preliminary audit phase to stream-based implementation phase with regard to core use cases; assistance in drafting of various data privacy related documents and procedures, such as: DPIA, LIA analysis, information notices, DPAs, data subjects’ requests replies.
One of the biggest retailers in Romania, in various data privacy matters pertaining to the day-to-day activities, including COVID-19 related advice; conducting data privacy impact assessments (DPIAs) on certain digital tools and e-platforms and assisting in the implementation process; drafting and revising various transparency instruments (T&C, privacy policies, etc.)
The local subsidiaries of one of the largest international media groups, full fledge GDPR implementation at the level of its local subsidiaries; this mandate included a GDPR audit of core activities and processing practices, as well as drafting the implementing documents; data privacy legal assistance in relation to day-to-day activity, including: regulatory matters, security breaches management and notification, management of data subjects’ rights, etc.
One of the leading all-in-one monetization platforms for digital businesses, in conducting various data protection impact assessments (DPIAs) on core use cases, well as on various GDPR punctual complex matters; assistance in ensuring transparency in relation with data subjects; assistance in the management of security breaches.
One of the largest worldwide players in social e-gaming, GDPR audit and implementation of the HR use cases, including drafting the related GDPR documentation; day-to-day activities, including management of data subjects’ rights, management of security breaches.
A service provider for digital advertising, full GDPR auditing of dedicated advertising platform, including assistance in the GDPR implementation phase; assistance in respect to the management of data subjects’ rights requests.
A medical services provider, concerning the data processing operations undertaken and essential GDPR requirements applicable; review of patient’s forms from a data privacy perspective; review of contracts concluded with services providers from a data privacy perspective.