Home » Comunicat_Presa_23_05_2025
 Română | English | Francais

sigla_anspdcp_2.png

The new Regulation 2016/679 applicable from 25th of May 2018

 

Complaints

GDPR Complaints

 

Procedure for complaints

Information on the payment of fine by legal entities

Controllers

Data Protection Officer Form

 

GDPR Breach Notification

 

Law nr. 506/2004 Breach Notification

 

GDPR Sanctions

Schengen

 

Schengen

Visa Information System

 

 

 

Visa Information System

News

Useful Information

 

F.A.Q.

Guidelines Q&A Regulation (EU) 2016/679

Indicative guidelines GDPR

Guidelines on the application of Law no. 363/2018

Useful Links

 

TFTP - Terrorist Finance Tracking Program

 

 

 

Procedure

Forms

Contact

Contact us

Data Protection

Information on the processing of personal data carried out by ANSPDCP

 

Cookies policy

23.05.2025

25 May 2025 – 7 years since the application of the GDPR


On 25 May 2025, it will be seven years since the application of Regulation (EU) 2016/679 on the protection of individuals with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), at the level of all Member States of the European Union. This European Regulation established uniform rules for the effective protection of the right to the protection of personal data throughout the Community.

On this occasion, we bring to the public’s attention relevant information from the activity of the National Supervisory Authority for Personal Data Processing for the first 4 months of 2025.

Thus, during the period January-April of this year, our institution received 3,048 complaints, intimations and notifications regarding security incidents, based on which 153 investigations were opened.

As a result of these investigations, 52 fines were imposed during this period for a total amount of 1,134,267 lei (the equivalent of 230,500 euros). At the same time, 68 reprimand were also applied and 96 corrective measures, one warning and 2 decisions to cease data processing were ordered.

Regarding the complaint handling activity, ANSPDCP received 2,799 complaints in the first four months of this year. In order to handle the complaints considered admissible, 67 investigations were initiated.

Also, in the same period, data controllers submitted 65 notifications regarding personal data breaches and 184 intimations regarding possible non-compliance with the provisions of the GDPR.

Based on these 249 intimations and notifications regarding security incidents, 86 investigations were carried out.

The complaints, intimations and notifications regarding data security breaches received by ANSPDCP during this period mainly concerned the following aspects:

  • disclosure of personal data to third parties in public space, in the online environment;
  • processing of images through video surveillance systems;
  • failure to respect the rights of the data subjects;
  • receiving unsolicited commercial messages:
  • violation of the principles of data processing.

At the same time, in the first 4 months of this year, ANSPDCP received a number of 289 requests for opinions from controllers and their processors (from the public and private sectors), from other entities and individuals, on various aspects relating to the application of the GDPR and other relevant regulations.

During the same period, opinions were issued on 29 draft legal acts submitted by public institutions, which involved the assessment of various and complex aspects regarding the appropriate application of data protection rules in several areas of activity.

Regarding the activity of representation in court, in the first four months of 2025, a number of 15 new requests for summons were registered, of which 7 requests having as their subject-matter the challenging of ANSPDCP’s reports of findings/sanctions.

Also, during the period January-April 2025, the communication activities aimed at informing the general public regarding the rules for processing personal data continued.

Thus, on the occasion of the celebration of the European Data Protection Day, on 28 January 2025, the Conference entitled “Anniversary review on 20 years since the establishment of ANSPDCP” was organized. This event was attended by representatives of the national central public authorities and institutions, the executive and legislative bodies, representatives of academia, non-governmental organizations, the main professional unions/associations, as well as relevant controllers/processors from the public and private sectors.

In this context, at the proposal of our institution, the informative clip dedicated to the promotion of the General Data Protection Regulation was broadcast on the national television station TVR and on the public transport of the Bucharest Transport Company.

In the first 4 months of 2025, ANSPDCP continued its activity of informing the general public by publishing 40 press releases mainly relating to the sanctions imposed.

Regarding external cooperation activity, we would like to point out that, in the first four months of 2025, our institution assessed 23 applications for approval of BCRs submitted by multinational companies.

Also, ANSPDCP acted, at the request of some companies for approval of BCRs, as a co-reviewer for 8 sets of BCRs, as well as a member of the drafting team of the opinion of the European Data Protection Board regarding a set of binding corporate rules.

 

Legal and Communication Department

A.N.S.P.D.C.P