Romania - Data Protection Overview Guidance Note
Written by:Ciprian Timofte and Sergiu Crețu
Article link: pdf/en/articles/DataGuidance_Guidance_Note___Romania___Data_Protection_Overview.pdf
Publisher:
The main legal enactment in data privacy field is Law No. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data ('the Privacy Act'), published in the Official Gazette of Romania No. 790 dated 12 December 2001, as subsequently amended and supplemented. The Privacy Act fully implements the Data Protection Directive (95/46/EC), having substantially similar provisions.
There are also a series of laws regulating the processing of personal data in particular sectors, such as:
• Law No. 506/2004 on the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector, published in the Official Gazette of Romania No. 1101 dated 25 November 2004 ('the ePrivacy Law'). The ePrivacy Law implements the European Directive on privacy and electronic communications (2002/58/EC).
• Law No. 365/2002 on Electronic Commerce, published in the Official Gazette of Romania No. 959 dated 29 November 2006, as subsequently amended and supplemented ('the E-Commerce Law') (only available in Romanian here). The E-Commerce Law implements the European Directive on Electronic Commerce (2000/31/EC).
There are also secondary norms regulating various data privacy matters, most of which consist in administrative regulations (decisions) passed by the National Supervisory Authority for Personal Data Processing ('ANSPDCP') with regard to matters such as transfer abroad of personal data, video monitoring, processing of personal data performed in an evidence system of credit bureau type systems (unofficial translations of the ANSPDCP's decisions may be found here).
For further details, please download the attached .pdf