5 years of GDPR- What happened in 2023 in Romania

Hello everyone!

I am ALIDI, VIRTUAL ASSISTANT from AA DATA BOX. My role is to provide support for both your employee trainings on personal data protection and cyber risk awareness. Well,on the occasion of the five year anniversary of the General Data Protection Regulation (GDPR), we would like to emphasize the importance of complying with the requirements of this regulation for companies’ management. The GDPR was introduced to ensure a high level of protection of personal data and to bring transparency and accountability in the processing of such data.

Compliance with GDPR is not only a legal obligation, but also an opportunity to build customer trust and develop a strong relationship with your customers. By complying with GDPR requirements, companies demonstrate that they are paying attention to their customers’ personal data and adequately protecting it.

GDPR imposes fundamental principles on the collection, processing and storage of personal data. Thus, ensuring data subjects’ explicit consent, adequate information about the purpose and modalities of the processing, minimizing the data collected and ensuring its security are just some of the key issues that companies need to address in order to comply with GDPR.

There are significant benefits to complying with GDPR requirements. Proper management of personal data contributes to enhancing a company’s reputation and credibility, reducing legal risks and avoiding fines or financial penalties.

On the occasion of the five-year anniversary of the GDPR’s entry into force, we present a summary of the work carried out by the National Supervisory Authority in the first four months of 2023, in terms of complaints, investigations, data controller compliance and GDPR outreach and promotion. Getting Started.

In the first four months of 2023, the National Supervisory Authority received 1,565 complaints, referrals and notifications of security incidents.

199 investigations were opened as a result of these complaints and referrals.

The Authority imposed 36 fines totaling 353,865 lei as a result of the investigations.

During the control activity, 40 warnings were issued and 39 corrective measures ordered.

1385 complaints were registered, which resulted in 81 investigations into their resolution.

Data controllers reported 66 data security breaches and 114 complaints of non-compliance with the General Data Protection Regulation.

118 ex officio investigations were initiated following these reports.

The main issues addressed in complaints and referrals were the disclosure of personal data, the use of video-surveillance systems, failure to respect data subjects’ rights and information conditions, the receipt of unsolicited commercial messages and cyber-attacks.

The Authority received 336 requests for views on the interpretation and application of the GDPR.

In closing, we would like to highlight that AA Data Box, a company specializing in providing personal data protection consultancy services, stands with organizations that aim to develop a strong organizational culture of GDPR compliance. We are here to support you in your efforts to implement effective personal data protection measures.

It’s important to recognize that data protection is not just a legal issue, but an essential component of business sustainability. With the increasing importance of ESG (environmental, social and governance) factors, data protection has become a key element in ensuring transparency and accountability within organizations. Just as environment and governance are pillars of sustainability, so personal data protection is becoming increasingly relevant and necessary.

In addition, GDPR compliance cannot be achieved without proper employee involvement and information. This is a vital component in building a responsible organizational culture and ensuring effective protection of personal data. As part of our services, we are dedicated not only to providing technical solutions and specialized consultancy, but also to creating a framework of information and awareness for employees.

Thus, AA Data Box encourages companies to consider data protection as a strategic priority and develop robust measures to ensure compliance with GDPR requirements. Through our partnership, we aim to provide the expertise and support needed to build an organizational culture geared towards data protection and sustainability, thus ensuring the long-term success of companies in a dynamic and evolving environment.

GDPR principles and organizations’ obligations
Data processing principle Obligations of organizations
Data minimization Organizations should only collect and process data that are absolutely necessary to achieve the stated purpose.
Clear intent and linkage to purpose Organizations must clearly state the purpose of data collection and processing and ensure that the data collected are adequate, relevant and limited to what is necessary to achieve that purpose.
Data accuracy Organizations must keep data up to date and take appropriate steps to delete or rectify inaccurate or incomplete data.
Limitation of storage Organizations must keep data only for the period necessary to achieve the stated purpose and take appropriate steps to destroy or anonymize the data at the end of that period.
Data integrity and confidentiality Organizations must take appropriate measures to protect data from destruction, alteration, unauthorized disclosure or access.
Transparency Organizations must inform the individuals whose data they collect about the purpose of data collection and processing and provide them with access to the data.
Accountability Organizations must take responsibility for compliance with all data processing principles and take appropriate measures to ensure that they are respected.

To check whether your organization complies with the principles of personal data processing, you can contact us to help you assess the current situation.

Kit documente GDPR
Why use a document kit for GDPR?

The General Data Protection Regulation (GDPR) entered into force on May 25, 2018. It replaces the EU Data Protection Directive and strengthens EU data protection rules. GDPR applies to all companies that process EU citizens’ personal data, regardless of the company’s location.

One of the most important aspects of GDPR compliance is that the Data Controller, i.e. the company that determines the purposes and means by which personal data are processed, is responsible for compliance with Article 5(1) GDPR and can demonstrate such compliance („accountability”). In this regard, please see Opinion 3/2010 on the accountability principle.

What is involved in demonstrating GDPR accountability for an entity processing personal data?

Well, appropriate documentation is required. Thus, a GDPR documentation kit can be helpful.

What actually is a GDPR document kit?

A GDPR document kit is a set of documents and templates that companies can use to document processes, procedures, policies, work instructions, plans in case of security breaches or data subject requests, risk assessments on the impact of data processing, legitimate interest analyses, data subject information on the processing of personal data, etc… so that GDPR compliance is apparent.

Advantages of using a GDPR document kit

  • Compliance: A GDPR document kit provides companies with the necessary documents and templates to document and record GDPR compliance. This can help reduce the risk of fines and reputational damage.
  • Time Saver: Creating GDPR compliant documents can be a time-consuming process. A GDPR document kit provides companies with pre-written templates that can be easily customized according to their internal processes and to meet their specific needs, saving time and effort.
  • Cost-effective: Creating GDPR-compliant documents can be costly, especially for small and medium-sized businesses. A GDPR document kit provides acost-effective solution, as it is usually much cheaper than hiring a consultant or lawyer to create the documents.
  • Tailored to your business: a GDPR document kit is tailored to your business and the content will vary depending on the type of business you run. This means the documents will be specific to your business and relevant to your industry.
  • Regular updates: the GDPR regulations can change and it is important to have up-to-date versions of your documents. As a GDPR document kit provider we regularly update the documents to reflect any changes to the regulations.
  • Expert Guidance: A GDPR document kit is usually created by GDPR compliance experts, our colleagues have legal and technical expertise, which means the documents will be accurate and up to date. This can give businesses peace of mind knowing they are GDPR compliant.

Conclusion

In conclusion, using a GDPR document kit helps companies to demonstrate and record compliance with GDPR regulations, save time and money, and provide tailored and up-to-date documents. It can also provide expert guidance and support, which can help companies navigate complex regulations and reduce the risk of fines and reputational damage.

Do you need a GDPR document kit? Contact us now!

You can call us directly by clicking here

Steps of a GDPR Audit

The General Data Protection Regulation (GDPR) is a European Union law that regulates how the personal data of individuals is collected, used and protected in the EU. GDPR auditing involves assessing an organization’s processes and policies to ensure that they comply with GDPR requirements on the protection of personal data.

Read More