New Data Privacy Provisions

New data privacy provisions from the Romanian supervisory authority

The National Supervisory Authority for Personal Data Processing (“ANSPDCP”) has approved the proposed procedure for receiving and resolving complaints.

The procedure establishes conditions which must be met in order for a complaint to be considered valid by the ANSPDCP. Complaints must be addressed in writing, in either English or Romanian and can be filed physically, at the ANSPDCP registry or online via the electronic form available on the ANSPDCP website.

The petitioner must describe the object of complaint, any actions taken by the petitioner towards the controller or processor, any supporting information, as well as conclusive evidence, if such evidence is available.

The procedure sets out specific rules within the complaint. If the complaint concerns the right to privacy in the field of electronic communications and e-commerce, then it is mandatory for the petitioner to mention the phone number(s), fax number(s) or IP address(es) related to the complaint. If the complaint regards unsolicited commercial communications sent to the petitioner, the received commercial communication must be attached, to enable identification of the sender by the ANSPDCP.

An important provision within the procedure is determining the competent court responsible for solving data privacy related complaints. This, it is decided, should either be the court located closest to the headquarters of the controller or processor; or the court responsible for the data subject’s area of residence.

The procedure also provides the official form to be used, for filing a complaint.

Decision no. 133 was taken on the 3rd of July 2018 on the approval of the Procedure for receiving and resolving complaints. It was published in the Official Gazette of Romania no. 600 dated, July 13th, 2018, Part I and came into force on the date of publication.