- Home
- News & Insights
Search by
Latest
Upcoming changes to Romanian cookie consent framework
Romania is taking a significant step towards bringing its cookie consent rules into line with the standards established under the General Data Protection Regulation (GDPR) and the guidance of the European Data Protection Board (EDPB). A legislative proposal currently under parliamentary review would introduce binding, prescriptive requirements governing the design and operation of cookie consent mechanisms – requirements that will have direct practical consequences for any organisation operating a website or digital service accessible from Romania. The domestic legal framework on cookies is primarily governed by Law No. 506/2004 on the processing of personal data and the protection of privacy in the electronic communications
Transparency back in the spotlight: Revisiting GDPR awareness
In an increasingly digital and complex data environment, the GDPR continues to play a central role for organisations, even eight years after taking effect. Transparency is once again in the spotlight, with data protection authorities and EU regulatory bodies reinforcing that compliance goes beyond simply informing data subjects, and that organisations are expected to ensure transparency by design and by default. 1. Coordinated enforcement framework On 19 March, the European Data Protection Board (EDPB) launched its Coordinated Enforcement Framework action for 2026. Following the 2025 coordinated action on the right to erasure, this year’s initiative focuses on compliance with transparency and information obligations
2026 Cybersecurity Countdown: New requirements are coming
The Cyber Resilience Act (Regulation EU 2024/2847 – CRA) entered into force on 10 December 2024 and introduces a comprehensive cybersecurity framework for products with digital elements placed on the EU market. The Regulation aims to address the insufficient level of cybersecurity in many digital products and the lack of timely security updates provided throughout their lifecycle. Which products are in scope? The CRA applies to “products with digital elements”, defined as software or hardware products, including their respective remote data processing solutions that can be directly or indirectly connected to a device or a network. Consequently, the CRA applies to both connected hardware products (e.g., smartphones