Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

While preparing for the GDPR – Romania's perspective


Data protection becomes hotter and hotter. Years ago a rather low tier area of law and practice, data protection is now being perceived as one of the coolest area to be within. High fines raise awareness and interest from the business environment. The Data Protection Authority is the new Competition Council, empowered to calculate and apply fines at the level of global revenues of an organization.

Everybody is passionate about getting at least some information about GDPR. While the GDPR entered into force in May 2016, it is only starting 2017 that all stakeholders included the topic on their agenda and budgets. Now every Tom, Dick, and Harry is organizing events on GDPR readiness: media, IT companies, law firms and other consultants. The authority is invited and graciously accepts such invitations.

IT companies seem already prepared to deliver their technical input through applications, programs and gap analysis services. Companies controlling and processing personal data in any form and/or capacity may give the impression however of being slightly lost or lacking project management or GDPR granularity. That is why multi-disciplinary consortia and collaborations are being initiated, data protection officers are searched for within organizations or externally and GDPR impact is being considered. The Data Protection Authority is at its turn preparing and learning and appears rather empathic with controllers and processors and sensitive to their concerns. A grace period even following the entrance into effectiveness of the GDPR looks slightly implicit and accepted, at least for the time being.

Traditionally, Romania was typically more formalistic in terms of processes and procedures than its peers within the EU. For instance, currently still, transfers to third countries outside the EU, the EEA, as well as to countries considered as not offering an adequate level of protection, require in all instances at least the prior notification, if not the authorization of the Data Protection Authority, even if the consent of data subjects is being obtained, respectively standard clauses are in place. The Data Protection Authority reviews and assesses the transfer underlying documentation and the transfer cannot be implemented until the Data Protection Authority approves such transfer. From a timing perspective, this process may take 2-3 months. The change of perspective under the GDPR is therefore even more interesting and welcome in Romania.


Article published by:

Adelina Iftime-Blagean


Discover more about the Cloud Privacy Check(CPC) / Data Privacy Compliance(DPC) project

CPC project office: Dr. Tobias Hö



53 lawyers from 33 countries are contributing to the project “Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start... Read More



The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.