Our lawyers have a vast experience in offering consultancy for national and international companies regarding data protection implications of business mergers, transfers or projects and other compliance matters regarding employment, marketing, personal data base sharing or other businesses that involve personal data.
We offer our support and expertise for multinational companies in the relationship with the Romanian data protection authority for both national and international data processing operations, filing notifications and preparing all necessary documents that are needed for employees, suppliers or clients in regards of data protection legislation. The regulations of data protection fall under the National Authority for the Supervision of Personal Data Processing.
How can we help you?
Do not hesitate to contact our lawyers in Bucharest for more information.
Applying GDPR among lawyers
Legislation on the processing of personal data and on the free movement of such data provided for in Regulation (EU) 679/2016 of the European Parliament and of the Council becomes applicable in all areas of activity on 25 May 2018. GDPR (repeal of Directive 95/46 / EC) is a general instrument applicable at European Union level, but allows for national individualization according to local legislation, not necessarily implemented at national level, but must comply with the principles set out in art. 5, the minimum guaranteed rights and the introductory part.
The processing of personal data can be done legally, according to art. 6 of GDPR as follows:
On the other hand, there are several cases where the consent of the person concerned are not necessary, for example in the case of defending a right in court or when the courts act by applying their judicial function. Concerning lawyers, there is a special paragraph (par. 91 from the introductory part of the GDPR) which clearly states that it cannot be considered that they process personal data on a large scale. The following points need to be analyzed in order to determine the extent to which GDPR provisions apply in the field of law:
- Before concluding the legal assistance contract - considering the legal provisions by which the lawyer is obliged to verify the identity of the client, this situation is an exception to obtaining the consent for the use of personal data
- After the conclusion of the legal assistance contract - the client's data are processed in a number of activities by the lawyer (sent to the public and judicial authorities, drafting legal acts to be concluded with third parties). All these situations also present an exception to the obtaining of the consent.
- Designation of a Data Protection Officer (DPO) - in accordance with Articles 35 and 37 of the GDPR on the need to designate a DPO following the CCBE recommendations and the analysis of this need. For example, under par 91 of the GDPR introductory part, as long as the attorney does not perform a large-scale processing of personal data in the exercise of activities related to his profession, it is not necessary to designate a DPO.
In conclusion, in the case of law offices, the GDPR legislation applies in a special regime due to the law in force regulating the exercise of this profession. In addition, advocates can help you set up and comply with new legislation that comes into effect from May 25, 2018.