We use cookies for statistical purposes.

  • 61 Unirii Boulevard, Bl. F3, Entrance 4, 2nd floor, Apt. 208, District 3, 030828, Bucharest
  • office(at)rolegal.com
  • (+40) 723.500.027

Data Protection and GDPR lawyers in Romania

Our lawyers in Romania have a vast experience in offering consultancy for national and international companies regarding data protection implications of business mergers, transfers or projects and other compliance matters regarding employment, marketing, personal data base sharing or other businesses that involve personal data.

We offer our support and expertise for multinational companies in the relationship with the Romanian data protection authority for both national and international data processing operations, filing notifications and preparing all necessary documents that are needed for employees, suppliers or clients in regards of data protection legislation. The regulations of data protection fall under the National Authority for the Supervision of Personal Data Processing. The experts at our law firm in Romania can provide complete details about these laws.

How can our Romanian lawyers help you?

  • Processing related to marketing – advising clients on implications of data protection on marketing initiatives, drafting all necessary documents for commercial agreements, database sharing or other data protection provisions, as well as the appropriate wording for regulations of promotional campaigns
  • Drafting data processors agreements, advising companies on how to handle requests and complaints coming from clients regarding the procession of their personal information
  • Employees’ data procession – drafting and supporting the implementation of internal data provisions and confidentiality policies, monitoring activities, data flows for international companies, consent documentation and data protection information
  • Assist with data base sharing – business transfers that must comply to data protection legislation
  • Representation and defense regarding data protection assessment and identifying the right solutions for each company’s activity in order to respect the security requirements and suggesting actions to be taken in case or individual complaints or official inspection.

Do not hesitate to reach out to our lawyers in Romania for more information.

Applying GDPR among lawyers


Legislation on the processing of personal data and on the free movement of such data provided for in Regulation (EU) 679/2016 of the European Parliament and of the Council becomes applicable in all areas of activity on 25 May 2018. GDPR (repeal of Directive 95/46 / EC) is a general instrument applicable at European Union level, but allows for national individualization according to local legislation, not necessarily implemented at national level, but must comply with the principles set out in art. 5, the minimum guaranteed rights and the introductory part.

The processing of personal data can be done legally, according to art. 6 of GDPR as follows:

  • To fulfill a legal obligation of the operator
  • Having the customer’s consent
  • In order to protect the vital interests of the person concerned or in front of a third party
  • For the conclusion of a contract to which the client is a participant / for the steps required to conclude a contract
  • Data need to obtain the interests of the operator or a third party (without deducting the rights and freedoms of the person concerned), but it is necessary to protect such data, especially for children
  • For the performance of a task in the public interest or the result of the exercise of a public authority of the operator

On the other hand, there are several cases where the consent of the person concerned are not necessary, for example in the case of defending a right in court or when the courts act by applying their judicial function. Concerning lawyers, there is a special paragraph (par. 91 from the introductory part of the GDPR) which clearly states that it cannot be considered that they process personal data on a large scale. The following points listed by the experts at our Romanian law firm need to be analyzed in order to determine the extent to which GDPR provisions apply in the field of law:

  1. Before concluding the legal assistance contract – considering the legal provisions by which the lawyer is obliged to verify the identity of the client, this situation is an exception to obtaining the consent for the use of personal data;
  2. After the conclusion of the legal assistance contract – the client’s data are processed in a number of activities by the lawyer (sent to the public and judicial authorities, drafting legal acts to be concluded with third parties). All these situations also present an exception to the obtaining of the consent;
  3. Employees of the operator – Given the possibility of a law firm to hire staff (experts, accountants, IT staff) or to contract third parties, it is necessary to include in the labor or collaboration contracts for the obligations derived from processing of personal data according to GDPR. In the case of contracts with third parties, their internal privacy policy should also be checked;
  4. Designation of a Data Protection Officer (DPO) – in accordance with Articles 35 and 37 of the GDPR on the need to designate a DPO following the CCBE recommendations and the analysis of this need. For example, under par 91 of the GDPR introductory part, as long as the attorney does not perform a large-scale processing of personal data in the exercise of activities related to his profession, it is not necessary to designate a DPO.


In conclusion, in the case of law offices, the GDPR legislation applies in a special regime due to the law in force regulating the exercise of this profession. In addition, our Romanian lawyers can help you set up and comply with new legislation that comes into effect from May 25, 2018. Contact us for more information.