The National Supervisory Authority for Personal Data Processing (ANSPDCP) approved the authorization template for the transfer abroad of personal data pursuant to the Binding  Corporate Rules - BCR

ANSPDCP’s Decision no. 41 of March 18, 2014, on the establishment of an authorization template for  the transfer of personal data abroad pursuant to the Binding Corporate Rules - BCR, was published  in the Official Gazette of Romania no. 218 of March 27, 2014.

By adopting the authorization template, ANSPDCP acknowledges BCR as an alternative to the  concluding of the standard contractual clauses, as approved by the European Commission by the  Decision of February 5, 2010. Therefore, in cases of transfer of data to states which do not offer  a level of protection at least equal to that offered by the Romanian law, ANSPDCP may authorize  such transfers pursuant to BCR, these being acknowledged as an instrument which offers sufficient  guarantees in relation to the protection of the fundamental rights of persons.

However, the authorization does not exempt data controllers from the fulfillment of other  obligations resting upon them according to Law no. 677/2001 on the protection of persons in  relation to personal data processing and free movement of such data, including the obligation to  undergo the inspection conducted by the ANSPDCP, which may order any actions, if it ascertains the  breach of the obligations undertaken by the data controllers.

The decision became effective on March 27, 2014.

A new guide concerning personal data protection

The Council of Europe and the European Union Agency for Fundamental Rights have launched a  practical guide concerning the European personal data protection laws.

This is the first guide of the Council of Europe regarding EU personal data protection laws, its  content referring to the case law of the European Court of Human Rights and of the Court of Justice  of the European Union.

The guide is addressed to all persons interested in the area of personal data protection and  contains clarifications concerning: (i) the terminology in the area of personal data protection;  (ii) the principles and rules provided for by the European laws regarding personal data processing;  (iii) the transfers of data; (iv) the protection of personal data in the light of the activities  specific for the criminal law, etc. The guide may be accessed on the website of the European Union Agency for Fundamental Rights.