A team of experts to tackle all data protection matters

In the context of an increasingly regulated environment and today’s rapidly evolving data related technologies, protecting personal data continues to be a major challenge for all businesses and governmental institutions alike. Seeing that lately companies face bigger reputational and financial risks for non-compliance with data protection law, it is essential to implement a strong data protection oriented culture in your organization. This includes measures related not only to your employees or contractors, but also to your customers, your suppliers or business partners. Personal data security breaches, cross border transfers, online behavioural profiling, privacy by design and by default– they all draw the attention of the regulating authorities, especially when it concerns personal data that are carelessly handled.

Our highly professional team is prepared to advise you on more than the letter of law, having a business oriented approach and understanding the interplay between data protection and several complementary legal fields, such as employment, IT or competition. We are at your service for the entire spectrum of data protection related matters, including assessment of your current situation concerning personal data (by identifying, mapping and securing it) in order to meet the accountability requirements of the GDPR (General Data Protection Regulation), implementing tools and strategies in order to avoid data leaks and minimise the risk of liabilities and fines entailed by infringing the GDPR (General Data Protection Regulation) or the national data protection laws, conducting tailor-made trainings for increasing the level of understanding the data protection matters in day-to-day business, drafting data breach notification plans, drafting tailor-made processing agreements. We equally provide outsourced DPO (data protection officer) service for organisations that are obliged to appoint a DPO under the GDPR (General Data Protection Regulation) but do not have the necessary data protection knowledge or expertise.

In addition, we provide GDPR representative services, for organisations with no business presence in the European Economic Area (EEA) that offer goods or services to individuals in the EEA, or if they monitor the behaviour of individuals in the EEA. Professional GDPR (General Data Protection Regulation) legal and compliance support from our experts ensures that all documentation (processes, procedures, policies, training programmes) and commercial agreements comply with the GDPR (General Data Protection Regulation) provisions. In addition, we are ready to provide you with support and representation in administrative proceedings towards data protection supervisory authorities and before local or European courts. We equally provide assistance during data protection authority inspections and thereafter for challenging the outcome of the inspection, as applicable.

Highlights of the assignments which have been handled by our lawyers throughout their practice include advice and representation to:

• One of the leading IT companies based in Central Eastern Europe, with regard to soft development assessment from data privacy (GDPR) perspective;
• A major satellite TV operator in connection with Data Protection Impact Assessment on a software used with the purpose of managing its customer activity, revising the group's cookie policy from a GDPR perspective, analysing potential use of public databases based on legitimate interest, assisting with drafting consent forms for advertising campaigns where employees were used, revising the Romanian telecom code of conduct;
• The Romanian association of online retailers, in drafting GDPR infographics and guidelines prior to its entering into force, to support proper information and education related thereto;
• A major Hungarian producer of steel pipe connectors and other equipment for the piping industry with business in Germany, Italy, Spain, France, Poland, Czech Republic, Russia and Romania with regard to its website´s privacy policy from a GDPR perspective;
• Leading Romanian telecom operator, with numerous matters with regards to revising, at group level, its B2C privacy notice, drafting the employee privacy notice and the recruitment process privacy notice, revising and updating standard partnership contracts, establishing relationships (independent data controllers, joint controllers or the specific controller-processor) with various partners from a GDPR perspective;
• An important smart technologies producer founded by former Apple engineers and currently owned by Google, with regard to its potential business expansion within the Romanian jurisdiction, including providing a comprehensive audit from a data protection perspective (pre GDPR national legislation);
• An important European operator and developer of car parks with an extensive data protection audit and consequent strategy for compliance and recommended measures’ implementation;
• A Switzerland based multinational healthcare corporation with numerous data protection matters, as part of a complex GDPR related report and assistance in view of implementation thereof.

Publications

• Keeping data safe in the new digital employment environment, December 2020 (ENG)
• Data Protection & Privacy 2021, Romania Chapter, Lexology - Getting The Deal Through, November 2020 (ENG)
• GDPR and ePrivacy interplay, October 2020 (ENG)
• Key takeaways from the Romanian Data Protection Authority, April 2020 (ENG)
• Controller - Processor relationship in pandemic context, April 2020 (ENG)
• ELKB Data protection: Romania transposes Directive (EU) 2016/680, January 2019 (RO)
• ELKB Data protection: Romania transposes Directive (EU) 2016/680, January 2019 (ENG)
• Romanian Public Authorities and Data Protection: Learning to Cope (ENG)
• Frail balance between privacy and confidentiality rights – BizLawyer, July 2015 (RO)
• ELKB Data Protection in Romania (ENG)

• back