COMPANIES AND PUBLIC INSTITUTIONS ARE OBLIGED TO EMPLOY A PERSONAL DATA PROTECTION OFFICER STARTING WITH 2018.

As of 25 May 2018, the date from which the General Regulation on data protection shall take effect, companies and public institutions are obliged to employ a personal data protection officer.
From next year, each company with more than 250 employees and public institution will have to have a personal data protection officer, which will protect the confidentiality of the information about customers.
All public institutions, service providers or private companies with more than 250 employees will have to hire starting with next year a person to manage personal data protection. The Personal Data Protection Officer will need to have technical and juridical expertise and will have to verify that the public institution or company implements and applies the European legislation.
The companies that shall not comply or that shall breach the legislation will receive hefty fines. From the present 15.000 RON the penalties will climb up to 4% of the turnover or even 20 million euro, in severe cases.
In Romania there is no institution which can provide an attestation of a license of the person responsible for personal data protection.
The new rules shall enter into force in May 2018.

Issued by: The European Parliament

Date: 18.06.2017