Law: Law No. 190/2018 Implementing the General Data Protection Regulation (Regulation (EU) 2016/679) ('the Law') and the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR')

Regulator: National Supervisory Authority for Personal Data Processing ('ANSPDCP')

Summary: The GDPR was implemented in Romania in 2018 through the Law. The Law is relatively comprehensive and includes, in particular, detailed provisions on the processing of data for journalistic purposes or academic or artistic expressions, on certification bodies, and on corrective measures and sanctions for both private and public bodies. Under the Law, the ANSPDCP is the competent supervisory authority for data protection matters. The ANSPDCP is an active regulator that has released a dedicated GDPR resource centre for organisations.