First pageLegal expertisePrivacy & cyber securityPrivacy & data protection

Privacy & Data protection

Legislation in virtually all jurisdictions has established new data protection standards that apply to activities in all sectors and to businesses large and small. Every entity that deals with data must appreciate the changes in their operating environment and how the law defines the specific roles and responsibilities of each participant in the field.


We take a client-orientated approach to these issues based on a thorough review of the situation, and we guide our clients through the process of identifying requirements and implementing solutions step-by-step.


We assist clients in mapping and implementing the processes required for handling personal data and assess their current practices against current legal and GDPR data protection requirements. We help our clients to bring their business into line with the applicable standards and ensure their on-going compliance. Our recommendations are not only appropriate but are specifically tailored to our clients’ individual needs and the needs of their industry.

Our legal services include a review of our clients’ existing contractual frameworks to ensure that they are in compliance with all applicable laws and regulations.

We provide our clients with comprehensive advice and assistance on all data protection issues and, when required, guidance on handling trade secrets in the client's profession or industry including:

  • Drafting specific data protection legal opinions.
  • Assessing the current status of the client’s GDPR compliance processes.
  • Implementing risk mitigation measures.
  • Reviewing and drafting internal forms and procedures to comply with the GDPR requirements.
  • Expanding the Data Protection Impact Assessment procedures based on the type of data processed.
  • Drafting internal IT security policies, particularly about the use of the client's IT resources.
Key contacts
Our Relevant Experience
  • Assisting the Bog’Art companies in the GDPR audit carried out within the group in order to assess the level GDPR compliance, recommending risk mitigation measures and offering continuous support in implementation, as well as advising on complex issues involving data protection.
  • Providing extensive legal assistance to A&D Pharma, one of the most important pharmaceutical retailers, in respect of a complex audit of their data processing application.
  • Assisting the Romanian branch of Merck, one of the most important healthcare and life sciences companies, in complying fully with data protection requirements.
  • Assisting the Romanian branch of DP World, one of the top 10 terminal container operators, on data protection implications, including sensitive matters regarding biometric data processing and the security/transfer of personal data.
  • Providing legal support to World Class Romania regarding complex data protection matters resulting from the new data protection legislation, as well as providing practical solutions to day-to-day matters regarding the processing of personal data.
  • Assisting Next Romania, one of the most important clothing retailers, in order to ensure compliance with data protection provisions.
  • Assisting Creative Eye SRL, creator and owner of the platform Litoralul Romanesc, one of the most well known Romanian travel agencies, in complying with data protection provisions, personal data security and a data processing audit.
  • Assisting Bancpost in relation to data protection matters by providing dedicated legal training and assessing their current GDPR compliance, as well as providing advice on the implementation of measures to mitigate risks, privacy information and data subject access rights/protection.
  • As part of a due diligence report for Resource Partners, we provided specialised data protection advice on the current GDPR compliance of Preturi Pentru Tine SRL, identifying non-compliance risks as well as recommending risk mitigation measures in order to achieve the necessary level of compliance, including an in-depth analysis on the use of third party software as well as risks associated with the use of open source software.
  • As part of a due diligence report for EDS Romania SRL, we provided an analysis and revision of various data protection aspects, including the GDPR compliance of Infopress, including recommending the implementation of risk mitigation measures.
  • As part of a due diligence report for Medicover, we provided an analysis and revision of various intellectual property and data protection aspects, including the GDPR compliance of the target companies, highlighting potential risks and offering recommendations for customised risk mitigation measures.
© Copyright Stratulat-Albulescu.ro 2019. All rights reserved.