Home » Comunicat_Presa_25.05.2023
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

25.05.2023

25th of May 2023 – The ANSPDCP’s activity

 

With the occasion of the celebration of five years since the application of the General Data Protection Regulation, on the 25th of May 2023, we hereby present a summary of the most significant aspects from the activity of the National Supervisory Authority for the first four months of 2023.

Therefore, during January-April, the National Supervisory Authority received 1,565 complaints, intimations and data security notifications, based on which 199 investigations were started.

Following the investigations performed within this period, 36 fines in total amount of Lei 353,865 (the equivalent of EUR 71,900) were imposed.

Also, within the control activity, 40 reprimands and 39 corrective measures were applied.  

As regards the complaints handling activity, during the first four months of the current year, the National Supervisory Authority received 1,385 complaints, based on which 81 investigations were started.

During the same time period, the data controllers submitted 66 data security breach notifications and 114 intimations regarding possible irregularities in relation to the GDPR provisions. Following their receipt, 118 ex officio investigations were initiated.  

The complaints, intimations and data security notifications received by the National Supervisory Authority during this time period mainly envisaged the following aspects:  

  • the disclosure of personal data to third parties or on the Internet;
  • the use of video surveillance means at the workplace or at the level of the owners’ associations;
  • the infringement of the data subjects’ rights;
  • the infringement of the conditions for the information of the data subjects;
  • the receipt of unsolicited commercial messages through electronic communication means;
  • cyber/information attacks;
  • the disclosure of children data;
  • the infringement of the data processing principles.

Also, during the first 4 months of this year, a number of 336 requests for points of view were addressed to our institution in relation to various aspects regarding the manner of interpretation and application of the GDPR and of the other applicable regulations, by the controllers and their processors, from the public and private field, by other entities as well as by natural persons.

During the same time period, the National Supervisory Authority issued opinions on 35 normative acts drafts submitted by public institutions that implied the assessment of complex aspects regarding the processing of personal data. Regarding the activity of representation before the courts, during the first four months of 2023, a number of 17 new requests for summons were registered.

Out of these, 12 requests for summons that have as object the challenging of the findings/sanctioning reports concluded by the representatives of the National Supervisory Authority were received. More information on this aspect is to be found within the press release from 02.05.2023(https://www.dataprotection.ro/?page=Comunicat_Presa_02_05_2023&lang=ro)

At the same time, during this period of time, the information actions dedicated to the popularisation of the personal data protection rules continued.

Thus, for the celebration of the European Data Protection Day, an online Conference with the theme “The effectiveness of the GDPR application in an interconnected world” was organized. Also, the informative brochure dedicated to this annual event, which contains relevant elements from the activity of the National Supervisory Authority, was posted on the website of the institution, both in Romanian and English.  

With this occasion, in order to increase the awareness at the level of some categories of data subjects, the National Supervisory Authority initiated a cooperation with the Ministry of Education and the National Authority for the Protection of Children’ Rights and Adoption, aimed to the common performance of some informative actions for the children and teaching personnel in relation to the rules of use of personal data and the corresponding risks. Thus, informative materials prepared by the National Supervisory Authority have been provided to the County Directorates for Children Protection and have been published on their websites.

Also, at the proposal of our institution, the informative video for the promotion of the General Data Protection Regulation was broadcasted by the national television TVR and within the public transportation means of the Bucharest Transport Society.

During the same period of time, the National Supervisory Authority continued to inform the public by publishing a number of 24 press releases and of the information from the special section dedicated to the Regulation (EU) 2016/679. During the first four months of 2023, our institution actively participated to various institutional reunions with incidence in the data protection field, organised by various public institutions or private entities.  

On the other hand, the controllers from both public and private sector continued to submit the forms on the data protection offices, thus a number of 735 officers being registered by the National Supervisory Authority during January-April.  

During the first four months of 2023, our institution assessed 4 requests for the approval of BCRs submitted by multinational companies. Also, the National Supervisory Authority acted, at the request of some companies for BCR approval, as co-reviewer and member in the European Data Protection Board drafting team for the drafting of the opinion in relation to a corporate binding rules set.

Also, our institution acted as lead rapporteur in relation to the draft decision of the competent supervisory authority of Latvia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 of the GDPR and as co-rapporteur for the draft decision of the competent supervisory authority of Croatia regarding the approval of the requirements for accreditation of a code of conduct monitoring body pursuant to Article 41 of the GDPR.

Legal and Communication Department

A.N.S.P.D.C.P.