DNSC Orders on NIS2 registration and risk assessment enter into force
In the spotlight
IN THE SPOTLIGHT
![AdobeStock_469644365 [Converted]](https://privacyoutloud.ro/wp-content/uploads/2022/11/AdobeStock_469644365-Converted-320x240.jpg)
DNSC Orders on NIS2 registration and risk assessment enter into force
On 20 August 2025, the following Orders of the Director of the National Cyber Security Directorate (DNSC) were published in the Official Gazette of Romania (no. 776/2025):
Order of the Director of DNSC no. 1/2025 - Requirements regarding the registration notification process and the method of transmitting information (link);
Order of the Director of DNSC no. 2/2025 - Criteria and threshold…
Cluj Tribunal confirms DPA sanction for unlawful use of cookies
On August 6, 2025, the Cluj Tribunal dismissed a complaint from a company in the healthcare sector. The company had been fined by the Romanian Data Protection Authority (DPA) and was contesting this fine.
As a background, the DPA had fined the company approximately EUR 2,000 (in RON equivalent) for storing cookies on users’ devices via its website without obtaining their prior explicit consent …
From Governance to Enforcement: What Applies Under the AI Act as of August 2025
On 2 August 2025, a new set of provisions under Regulation (EU) 2024/1689 on Artificial Intelligence (the AI Act) became applicable.
As of this date, the following main provisions have entered into force:
The formal establishment of the European AI Board – this body has already been constituted and has held several meetings. We expect the AI Board to play a key role in the EU AI governance…
ARTICLES
Romanian DPA Report – A Year in Review – 2024
Authors: Iurie Cojocaru, Diana Albu
Romanian DPA case studies – our top 5 picks 1. Refusal to provide actual call recording and provision of transcript only Case study: A customer filed a complaint with the Romanian DPA, claiming that a mobile phone company had denied her right of access by refusing to prov…
GDPR | 7-year anniversary. Romanian DPA Publishes 2025 Q1 Enforcement Update
Authors: Iurie Cojocaru, Mihai Rotaru
As the EU General Data Protection Regulation (GDPR) marked its seventh anniversary on May 25, 2025, the Romanian DPA has released a short-form activity update covering the first four months of the year. The figures offer a snapshot of enforcement trends, complaint pattern…
GDPR | 7-year anniversary. Our top picks of past and upcoming judgements of the Court of Justice of the European Union
Authors: Iurie Cojocaru, Oana Stefan, Diana Albu
Our top judgements of the Court of Justice of the European Union (26 MAY 2024 – 25 MAY 2025) 1. Judgement in the Case C-621/22 - Koninklijke Nederlandse Lawn Tennisbond What the Court mainly said: According to the CJEU, a purely commercial interes…Speaking engagements
Iurie Cojocaru – speaker at a webinar organized by IAPP
On June 4, Iurie Cojocaru, Partner and Head of NNDKP`s Data Protection practice, was a speaker at a webinar on GDPR Compliance: Key Lessons and Evolving Challenges Seven Years On, organized by the International Association of Privacy Professionals (IAPP) on the IAPP KnowledgeNet platform.
Together with Andreea Lisievici Nevin, Managing Partner, ICTLC Sweden, Iurie dove into the main challenges…
Iurie Cojocaru – speaker at an online debate organized by Juridice.ro
On May 5, Iurie Cojocaru, Partner and Head of the Data Protection practice, was a speaker at the online debate Artificial intelligence under the spotlight: AI regulation – from obligations in 2025 to full compliance in 2026, organized by Juridice.ro.
The debate was be live on Juridice.ro.
Iurie Cojocaru – speaker at a webinar organized by Sypher Solutions
Iurie Cojocaru, Partner and Head of the Data Protection practice, was a speaker at the GDPR internal audit webinar, organized by Sypher Solutions on April 10.
Together with the Co-founder of Sypher Solutions, Mihai Ghita, Iurie Cojocaru talked about:
How long and how often is the GDPR audit performed
What resources are needed and who should be involved in the process
What are the mai…
