On 4 May 2017, representatives of the Romanian Data Protection Authority ("DPA") attended the second New European Data Protection Order conference held in Romania and, dedicated to the financial, banking and public sectors.

The DPA representatives underlined the obligation of public authorities and other public bodies (except courts) to designate a data protection officer, in accordance with the provisions of Art. 37-39 of Regulation (EU) 679/2016, as well as the duties of a data protection officer.

DPA representatives made a presentation on the rights enjoyed by individuals, underlining that the GDPR is consolidating the data protection regime by developing existing rights and recognising new rights, such as the right to be forgotten and the right to data portability.

At the same time, the applicable sanctions regime was brought to the attention of the participants, as the sanctions will significantly increase under the GDPR.

Submitted by Iurie Cokocaru from Nestor Nestor Diculescu Kingston Petersen – Bucharest, Romania in partnership with DAC Beachcroft LLP