ABSTRACT
The Ombudsman is designated by Law 677 to be the Supervisory Authority in Romania. The law also stipulates fines and sanctions to those infringements of the law that are in contravention. The definition of personal data is given in Article 3 (a), which is a direct translation of the Directive's Article 2 without any changes or addition of terms. Law 677 provides that data should be kept in a form which permits identification of data subjects no longer than is necessary for the purpose for which the data were collected or for which they are further processed (Article 4(e)). Article 8 provides the requirements when processing a national identification number. Article 22 (1) states that the controller must notify the Supervisory Authority before carrying out any wholly or partially automatic processing operation. Law 677 does not provide an exemption from liability if the data controllers prove that they are not responsible.
