The effects of Regulation no. 679/2016 on the Romanian commercial environment. The new obligations in the field of personal data.

• Author: George-Cristian Ioan
• Position: Faculty of Law, Babe?-Bolyai University, Cluj-Napoca, Romania, georgecristianioan@gmail.com
• Pages: 110-127

The effects of Regulation no. 679/2016 on the Romanian

commercial environment. The new obligations in the field

of personal data

Student George-Cristian IOAN1

Abstract

The entry into force of Regulation (EU) 2016/679 of the Europea n Parlia ment and

of th e Council of 27 April 2016 on the protection of na tural persons with rega rd to the

processing of personal da ta and on the free movement of such data , commonly referr ed to as

the General Data Protection Regulation will lead to significant changes in the domestic

commercial environment. The pr esent study aims to a nalyse the main pr oblems tha t

Romanian companies will face. In this respect, a sectio n is dedicated to the theoretical and

practica l aspects of the new regime of consent, which, under the rule of the Regula tion, can

no longer be tacit. Similarly, a ttention is paid to problems concern ing the obligation to

appoint a Data P rotection Officer. This obliga tion implies significant ch anges in the

companies’ inter nal affairs. The fina l part of the article is ded icated to the systematization

of a genera lly applica ble compliance r ules, to aid Romanian in their feat of insuring pr oper

respect for P ersonal Data. The main purpose of the present study is to create a proper

practica l plan to facilitate the fulfilment, by Romanian businesses, under the Regulation.

Keywords: GDPR, persona l data, consent, Data Protection Officer, opera tor.

JEL Classification: K22, K23, K29

1. Introductory remarks

To both public and commercial law specialists in the European Union, the

entry into force of a Regulation (EU) 2016/679 of the European Parliament and of

the Council of April 27, 2016 on the protection of individuals with regard to the

processing of personal data and on the free movement of such data2, appears as a

turning point in the matter of personal data protection. The Commission's proposal

to revaluate the legal provisions governing an area often subject to the attention of

the Court of Justice of the European Union was not without criticism or controversy.

This is reflected both in the long process and the adoption3, as well as virulent

1 George-Cristian Ioan – Faculty of Law, Babe-Bolyai University, Cluj-Napoca, Romania,

georgecristianioan@gmail.com.

2 Further referenced as, Regulation 2016/679 or The General Regulation for protection of Data (GDPR).

3 The process of reviewing the personal data protection legislation was started by the Commission in

2009 and formally announ ced only in 2010. In 2012 the first draft for Regulation 679/2016 was

created. Following the release of information on the Commission's efforts in March 2015, the Council

took a po sition, which resulted in a tripartite negotiation between Parliament, the Commission and

the Council. The regulation was finally adopted only on 27 March 2016.

Juridical Tribune Volume 8, Special Issue, October 2018 111

criticisms made prior to the adoption of the Regulation4. Romanian legal doctrine

has aligned with the European trend of awareness of the importance of the proposed

changes, including the relevance of the change in the legal nature of the act of

codifying the rules on the protection of personal data5. The controversial nature was

maintained after adoption, and some authors argued that the burdens imposed on

companies would be detrimental to the development of the business environment6.

Although the Regulation is equally applicable to public institutions, the present study

will focus on the potential problems that may be encountered in the private sector,

given the specificity of legal relationships in commerce, that deserve separate

attention.

The general consensus is that the operation of commercial companies and

their relations with customers and other participants in the commercial circuit will

be deeply affected, starting in May 2018. Changes are necessary in both internal

procedures and the external means of negotiation and undertaking of legal

obligations. Certainly, in relation to the sanctions provided by the Regulation, which

will be analysed infra, a proactive conduct of companies is desirable. It must be

emphasised that, according the sanctioning system imposed by the Regulation, any

sanction applied for violation of regulatory provisions by a Romanian subsidiary of

a multinational company will be calculated based on the global turnover figure. The

purpose of this article is to analyse the changes brought about by the entry into force

of Regulation 679/2016 and how it will change the domestic commercial climate. In

the end, we will pursue the development of principles of good commercial practices

in the light of Regulation. The utility of the paper results from the lack of a case

study on the effect of the Regulation on the internal market. We consider, in this

regard, that a correct understanding of the provisions of the Regulation is

indispensable at the present time, for Romanian traders.

2. Analysis of the nationally applicable legal framework

However, before we begin to analyse (i) the immediate effect of the

Regulation, in relation to its legislative nature and its correlation with changes in the

4 Jennifer Baker, Privacy? What privacy? EU's dra ft law on your data is useless, say digital rights orgs,

„The Register”, 4th of March 2015. The document is available online at

http://www.theregister.co.uk/2015/03/04/data_protection_what_data_protection proposed_

new_law_is_as_good_as_useless_say_digtal_rights_orgs, consulted on 1.07.2018. In this sense, the

open letter set to President Jean Claude Juncker by European Digital Rights, and backed up by another

70 international NGOs, including the Romanian Association for Internet and Technology, expresses

simillar worries. The document is available for consultation online at: https://edri.org/files/

DP_letter_Juncker_20150421.pdf, consulted on 1.07.2018.

5 Daniel- Mihail andru, Regimul juridic al proteciei datelor cu caracter personal este în proces de

regândir e, „Revista Român de Drept al Afacerilor”, no.3/2015.

6 James Brooks, Jr., Why Europe’s Stance on Data Privacy is Bad for Business, „Huffington Post”, 13

September 2017. The document is available for consultation online at the adress

https://www.huffingtonpost.com/entry/why-europes-stance-on-data-privacy-is-bad-for

business_us_59b98eb5e4b02c642e4a1378, consulted on 1.07.2018.