The other week I was in England discussing with a client the question of Data Protection and the difference between Romania and England.

Data Protection has been a hot topic in the Western half of the European Union as well as the USA for some time now, and is now having a bigger impact in Eastern Europe.  So what is the position in Romania?  You ask many people about data protection in Romania and they will not know what you mean.  They are not aware that Romania has a Data Protection Law which came into being in 2001 although it was modified in 2012.

The one area of business in which people are aware of data protection requirements is in the field of human resources, as this is an obvious field.  You keep details of your employees, their names and addresses and other personal information on file electronically.  There are however rules concerning the collection and use of personal data.

The employee must consent to you collecting the data and at the same time they must know the reason for the collection. Obvious in the field of employment.  The data can then only be used for the reason for which it is collected.  If it is not then the person who holds the information can be fined.  It is also forgotten by many people that the person whose information has been collected electronically can request that information and if there is an error the collector is obliged to change that information. Failure to supply the information could result in a complaint to the Data Protection Agency and if found guilty of an offense, a fine.

Information is also collected in other ways without people being aware that they are subject to the law.  The e-business site which sells products also collects information and is subject to the Data protection law.  Are they aware of the risks they are running?

To protect yourself it is very easy to register with the Romanian Data Protection Agency.  This registration will require some work as you need to produce a data protection policy and ensure that the person who gives the information is aware that you are collecting this information.  All users of electronic data should make sure that their policy is up to date.

The question about data protection came out of an enquiry about transferring data abroad, in this case outside the European Union.  Many companies in Romania are subsidiaries of foreign companies.  The transfer of electronic data between head office and its branch is common place and can occur many times in a year, but many companies have not registered this transfer with the Data Protection Agency.

All sounds very harmless, but as awareness of data protection laws and the use that data becomes more common Romanian companies cannot afford to ignore the consequences.