The effects of Regulation no. 679/2016 on the Romanian commercial environment. The new obligations in the field of personal data.

Author:George-Cristian Ioan
Position:Faculty of Law, Babe?-Bolyai University, Cluj-Napoca, Romania,
The effects of Regulation no. 679/2016 on the Romanian
commercial environment. The new obligations in the field
of personal data
Student George-Cristian IOAN1
The entry into force of Regulation (EU) 2016/679 of the Europea n Parlia ment and
of th e Council of 27 April 2016 on the protection of na tural persons with rega rd to the
processing of personal da ta and on the free movement of such data , commonly referr ed to as
the General Data Protection Regulation will lead to significant changes in the domestic
commercial environment. The pr esent study aims to a nalyse the main pr oblems tha t
Romanian companies will face. In this respect, a sectio n is dedicated to the theoretical and
practica l aspects of the new regime of consent, which, under the rule of the Regula tion, can
no longer be tacit. Similarly, a ttention is paid to problems concern ing the obligation to
appoint a Data P rotection Officer. This obliga tion implies significant ch anges in the
companies’ inter nal affairs. The fina l part of the article is ded icated to the systematization
of a genera lly applica ble compliance r ules, to aid Romanian in their feat of insuring pr oper
respect for P ersonal Data. The main purpose of the present study is to create a proper
practica l plan to facilitate the fulfilment, by Romanian businesses, under the Regulation.
Keywords: GDPR, persona l data, consent, Data Protection Officer, opera tor.
JEL Classification: K22, K23, K29
1. Introductory remarks
To both public and commercial law specialists in the European Union, the
entry into force of a Regulation (EU) 2016/679 of the European Parliament and of
the Council of April 27, 2016 on the protection of individuals with regard to the
processing of personal data and on the free movement of such data2, appears as a
turning point in the matter of personal data protection. The Commission's proposal
to revaluate the legal provisions governing an area often subject to the attention of
the Court of Justice of the European Union was not without criticism or controversy.
This is reflected both in the long process and the adoption3, as well as virulent
1 George-Cristian Ioan Faculty of Law, Babe-Bolyai University, Cluj-Napoca, Romania,
2 Further referenced as, Regulation 2016/679 or The General Regulation for protection of Data (GDPR).
3 The process of reviewing the personal data protection legislation was started by the Commission in
2009 and formally announ ced only in 2010. In 2012 the first draft for Regulation 679/2016 was
created. Following the release of information on the Commission's efforts in March 2015, the Council
took a po sition, which resulted in a tripartite negotiation between Parliament, the Commission and
the Council. The regulation was finally adopted only on 27 March 2016.
Juridical Tribune Volume 8, Special Issue, October 2018 111
criticisms made prior to the adoption of the Regulation4. Romanian legal doctrine
has aligned with the European trend of awareness of the importance of the proposed
changes, including the relevance of the change in the legal nature of the act of
codifying the rules on the protection of personal data5. The controversial nature was
maintained after adoption, and some authors argued that the burdens imposed on
companies would be detrimental to the development of the business environment6.
Although the Regulation is equally applicable to public institutions, the present study
will focus on the potential problems that may be encountered in the private sector,
given the specificity of legal relationships in commerce, that deserve separate
The general consensus is that the operation of commercial companies and
their relations with customers and other participants in the commercial circuit will
be deeply affected, starting in May 2018. Changes are necessary in both internal
procedures and the external means of negotiation and undertaking of legal
obligations. Certainly, in relation to the sanctions provided by the Regulation, which
will be analysed infra, a proactive conduct of companies is desirable. It must be
emphasised that, according the sanctioning system imposed by the Regulation, any
sanction applied for violation of regulatory provisions by a Romanian subsidiary of
a multinational company will be calculated based on the global turnover figure. The
purpose of this article is to analyse the changes brought about by the entry into force
of Regulation 679/2016 and how it will change the domestic commercial climate. In
the end, we will pursue the development of principles of good commercial practices
in the light of Regulation. The utility of the paper results from the lack of a case
study on the effect of the Regulation on the internal market. We consider, in this
regard, that a correct understanding of the provisions of the Regulation is
indispensable at the present time, for Romanian traders.
2. Analysis of the nationally applicable legal framework
However, before we begin to analyse (i) the immediate effect of the
Regulation, in relation to its legislative nature and its correlation with changes in the
4 Jennifer Baker, Privacy? What privacy? EU's dra ft law on your data is useless, say digital rights orgs,
The Register, 4th of March 2015. The document is available online at proposed_
new_law_is_as_good_as_useless_say_digtal_rights_orgs, consulted on 1.07.2018. In this sense, the
open letter set to President Jean Claude Juncker by European Digital Rights, and backed up by another
70 international NGOs, including the Romanian Association for Internet and Technology, expresses
simillar worries. The document is available for consultation online at:
DP_letter_Juncker_20150421.pdf, consulted on 1.07.2018.
5 Daniel- Mihail andru, Regimul juridic al proteciei datelor cu caracter personal este în proces de
regândir e, „Revista Român de Drept al Afacerilor”, no.3/2015.
6 James Brooks, Jr., Why Europe’s Stance on Data Privacy is Bad for Business, Huffington Post, 13
September 2017. The document is available for consultation online at the adress
business_us_59b98eb5e4b02c642e4a1378, consulted on 1.07.2018.

To continue reading

Request your trial