Romania’s approach, characterized by frequent yet lower-value fines, reflects a regulatory environment that is assertive but measured, focusing on compliance improvement rather than financial deterrence alone.
This discrepancy between volume and financial severity suggests that the Romanian DPA may be prioritizing corrective enforcement and awareness over punitive action—a strategy possibly influenced by national legal culture, economic context, or the nature of the infringements.
Romania has demonstrated active enforcement of the GDPR, with nearly 200 fines issued by the NSA since 2018. This places Romania among the most active NSAs in terms of number of sanctions applied.
By contrast, other jurisdictions, such as Ireland’s or Luxembourg’s, have imposed significantly fewer but substantially larger fines, often targeting tech giants with cross-border processing operations.
