Law 677/2001 on the protection of individuals with regard to the processing of personal data and the free movement of such data transposes the acquis represented by Directive 95/46 / EC, which regulates the general legal framework of personal data protection at the level of the European Union.
This directive seeks to protect the right to intimate, family and private life, namely the right of the person not to reveal, without his / her consent, the true name, address, age, family situation, use of free time, habits, etc.
In Romania, the central authority empowered to control is the National Supervisory Authority for Personal Data Processing. The Authority monitors and controls, in terms of legality, the processing of personal data falling within the scope of Law no. 677/2001.
In the event of a security incident, our specialists can advise both data operators and targeted individuals.
The supervisory authority may apply contravention sanctions to the operator for:
– failure to notify and notification in bad faith;
– unlawful processing of personal data; – non-fulfillment of the confidentiality obligations and the application of security measures;
– refusal to provide information.
Contravention sanctions shall be applied by the supervisory authority through the personnel empowered for this purpose. The amount of the fines that may be imposed in the case of committing the abovementioned contraventions varies between RON 500 and RON 50,000.
OBLIGATIONS OF PERSONAL DATA OPERATORS
According to the framework law (Law 677/2001), the personal data controller – may be any natural or legal person, whether private or public, including public authorities, their institutions and their territorial structures, which establishes the purpose and means of processing personal data or which is thus designated by a normative act.
Operators have the following obligations:
– to notify the supervisory authority of any processing or assembly of processing operations having the same or related purposes;
– not to start processing the personal data until it receives the registration number communicated by the supervisory authority;
– not to initiate the processing of personal data when the supervisory authority has announced that it has carried out a prior check in the case of processes susceptible to special risks;
– to complete the notification at the request of the supervisory authority;
– to indicate the registration number of the notification received from the supervisory authority on each act by which personal data are collected, stored or disclosed;
– to notify the supervisory authority of any change likely to affect the accuracy of the information contained in the notification within 5 days;
– to prove the payment of the notification fee or the assignment to a category of tax-exempt persons, according to Law 476/2003;
– to ensure compliance with security measures by empowered persons;
– to conclude written contracts with the persons empowered to process personal data on behalf of the operator;
– to develop instructions for ensuring confidentiality of processing for any person acting under the authority of the operator or the person empowered, including the person empowered to do so;
– to apply appropriate technical and organizational measures to protect personal data against accidental or unlawful destruction, loss, modification, disclosure or unauthorized access, in particular if the processing involves data transmission within a network and against any form of illegal processing.
DATA SUBJECT RIGHTS
The rights of the data subjects were expressly provided for by the legislator:
Where the personal data are obtained directly from the data subject, the operator is required to provide at least the following information:
Where the data are not obtained directly from the data subject, the operator shall, at the time of data collection or, if it is intended to be disclosed to third parties, at the latest at the time of the first disclosure, provide at least the following information to the data subject, unless the data subject already possesses the information:
Any data subject has the right to obtain from the operator upon request (free of charge for a request per year) that his or her personal data is processed or not, as well as the following information:
The operator is obliged to communicate the requested information within 15 days of receipt of the request.
Any person concerned has the right to obtain free of charge from the operator by means of a written, dated and signed application:
An operator is required to communicate the measures taken and, where appropriate, the name of the third party to whom the personal data relating to the data subject have been disclosed within 15 days of receipt of the request.
The data subject concerned has the right to oppose at any time, by a written, dated and signed request, for well-founded and legitimate reasons relating to his / her particular situation, that the data subject to him / her are processed, except in cases where there are contrary legal provisions. In the case of justified opposition, the processing may no longer cover the data concerned.
The data subject has the right to oppose at any time, free of charge and without any justification, that data intended to be processed for direct marketing on behalf of the operator or a third party or disclosed to third parties in – for such a purpose.
The operator is obliged to communicate to the data subject the measures taken and, where appropriate, the name of the third party to whom the personal data relating to the data subject have been disclosed within 15 days of the date of receipt of the application.
Everyone has the right to ask for and obtain:
Without prejudice to the possibility of addressing the supervisory authority with complaint, any person who has suffered damage as a result of the processing of unlawful personal data may apply to the competent court for repair.
The competent court is the one in whose territory the applicant is domiciled. The claim for legal action is exempt from stamp fee.
Cand navigati pe orice site, acesta poate stoca sau informatii in browser-ul dumneavoastra, cel mai probabil sub forma de cookie-uri. Controlati setarile aici.