GDPR Compliance Proving a Challenge for Romanian SMEs

A survey carried out by the National Council of SMEs in Romania (CNIPMMR) has found that over 40% of the companies questioned had not adopted measures for the implementation of the GDPR prior to the May 25 introduction date.

The survey which questioned 210 companies in order to discover how they are currently coping with the new EU legislation also found that almost 30% of the respondents had been able to meet the obligations prior to the deadline on May 25. 42.1% said they had not implemented measures for the implementation of GDPR as of yet while 28.9% said that they were planning to implement the rules in the near future. CNIPMMR stated that 52.6% of those surveyed were companies that had between one and nine members of staff.

Legal specialists from Bucharest-based law firm Musat & Asociatii said that “The rules are applied in Romania without any additional regulation of the local authorities, including on fines. Aside from the administrative sanctions, any breach of the rights of targeted individuals generates damages that will have to be covered by those who produced it, which is the data operator or its trustee. What matters is the flow of data that is processed, not the size of the company itself. In practice, there are situations in which small companies process a bigger volume of data than large companies”.

Commenting on Romanian news website, Business Review, Valentin Radu, CEO of Omniconvert, a start-up providing a real-time web personalization tool said that “If you are like Facebook or Google, you push that consent pop-up mainly because your users are used to you so they are in the habit of using you over and over again. Of course you’re going to accept that, even though Facebook as a big player is the one that actually abused the trust of its users, of us, the users in the EU. So, that mainly means because of their stuff, all the small companies are suffering. Not only are they suffering now, they will suffer in the future as well.”

The findings of this survey come following the legislative proposal for implementing GDPR measures in Romania being adopted by the Romanian Parliament on 27 June. The law, which contains amendments to the original draft law published in 2017 aims to being Romanian legislation in line with GDPR.