25/05/2021
Synthesis of the activity of ANSPDCP – first four months of 2021
On the occasion of the 3 years’ celebration since the application of the GDPR, on 25th of May 2021, we present a synthesis of the most significant aspects from the activity of the National Supervisory Authority performed during the first four months of 2021.
Therefore, during the first four months of 2021, the National Supervisory Authority has received 1733 complaints, intimations and notices regarding the data breaches, based on which 288 investigations have been started.
Following the investigations, 15 fines in total amount of Lei 110,545.7 have been imposed.
Also, 37 reprimands have been applied and 30 corrective measures have been ordered.
During the first four months of 2021, regarding the activity of handling the complaints, the Supervisory Authority received 1,600 complaints, based on which 155 investigations were started.
Regarding the data breaches, within the period of time envisaged the controllers have submitted, both under GDPR as well as under Law no. 506/2004, 84 notifications, and the intimations regarding possible non-compliance with the provisions of GDPR amounted to a number of 49.
Following the intimations received and the data breaches notified by the personal data controllers, during the first four months of 2021, at the level of the National Supervisory Authority 133 ex officio investigations have been started.
Also, during the same period of time 352 requests for the issuance of various points of view regarding various aspects related to the manner of interpretation and application of the Regulation (EU) 2016/679 and of the other incident regulations have been addressed to our institution, by the controllers and their processors, both from public and private sector, as well as by natural personals.
Also, we mention that 15 requests submitted based on Law no. 544/2001, mainly from mass-media, have been received.
In connection with the activity of representation before the courts, during the first four months of 2021, the National Supervisory Authority has managed 98 files pending before the courts in different procedural stages. Within the same period of time, 5 new summons that had as subject the challenge of the minutes of findings and sanctioning of the offences issued by the National Supervisory Authority have been received.
On the other hand, the National Supervisory Authority has continued, in 2021, the communication activities for the information of the general public in relation to the specific rules for the processing of the personal data, in the context of the Regulation (EU) 2016/679, specifically in the online environment during the Covid-19 pandemic.
During January, in order to celebrate the European Data Protection Day, the National Supervisory Authority organised two online events for the correct information of the controllers in relation to the adequate application of the personal data protection rules, established under the General Data Protection Regulation.
Therefore, on 27th of January 2021, our institution has organised online the conference dedicated to the public authorities and institutions, called ”Findings and recommendations for the controllers from the public sector”, during which specific practical aspects regarding the application of the principles of the personal data processing will be presented and debated. At this event mainly the representative central public authorities and institutions have been invited.
Then, on 28th of January 2021, has organised, online, the second conference dedicated to the European Data Protection Day, with the subject ”Findings and recommendations for the controllers from the private sector”, with the participation of the most important professional associations and unions, of some chambers of commerce and mass-media representatives.
The celebration of the same prestigious moment was carried out also with the support of the national television channel TVR and the Bucharest Transportation Company, that have broadcasted the informative clip dedicated to the General Data Protection Regulation (public interest message), created by our institution.
In order to fulfil the general objective regarding the assurance of the information of the controllers, data subjects and general public, during February 2021, on the website of the National Supervisory Authority www.dataprotection.ro there has been posted a press release containing a synthesis of the most significant aspects from the activity of the National Supervisory Authority.
Also, for the purpose of the increase of the degree of awareness of the natural persons in relation to the exercise of their rights, during April 2021, on the website of the National Supervisory Authority information regarding the requirements for the submission/admissibility of the complaints, according to the Decision no. 133/2018 for the approval of the Procedure for the receipt and handling of the complaints have been posted.
Throughout the first 4 months of 2021, our institution has actively participated at several reunions regarding the data protection domain, organized by various public institutions or private entities, in particular online.
On the other hand, we underline that during this period of time telephone assistance to several natural persons and controllers from the public and private sector, regarding the manner of application in practice of the provisions of the Regulation (EU) 2016/679, has been provided, a series of measures that the controllers are obliged to implement for the observance of the provisions of this regulation being explained and clarified.
A prompt and efficient information of the natural persons, but also of the controller, has been achieved within this period also through the website of the Authority, considering both the 16 press releases posted within the section ”News” and the information from the special section dedicated to the General Data Protection Regulation.
During the first four months of 2021, the controllers have continued to designate the data protection officers, thus being registered with the National Supervisory Authority 713 data protection officers appointed by controllers from the public and private sector.
Also, during the first four months of 2021, the National Supervisory Authority has participated at the EDPB Plenaries, held online.
Moreover, in the context of the cooperation with other supervisory authorities for the ensurance of the mutual assistance, approx. 37 requests regarding the application and observance of the Regulation (EU) 2016/679 have been managed.
Legal and Communication Department
ANSPDCP