As May 2023 marks the fifth anniversary of the implementation of GDPR, we have prepared an overview of the five years of regulatory struggle in Romania since the regulation came into effect. By examining the value of the sanctions and the types of violations, we can identify some regulatory trends of the local practice. Statistics on fines In the first year of GDPR (i.e., May 2018–May 2019), the Romanian Data Protection Authority (“the Authority”) did not issue any fines, but only recommendations, even if a significant number of ex-officio investigations were performed (namely 336). This was a year of accommodation. In the following years (May 2019–end of 2021), the Authority continued to carry
Kinstellar is delighted and proud to announce the promotions to Partner of Tomáš Melišek (Bratislava), Levente Hegedűs (Budapest), Bulut Girgin (Istanbul), Anastasiya Bolkhovitinova, Natalia Kirichenko, Oleg Matiusha, Illya Muchnyk (all in our Kyiv office), and to Counsel of Dominika Bajzáthová (Bratislava). PARTNERS Tomá š Melišek, Bratislava Tomáš is the Head of the local Banking & Finance service line. He has 15 years of experience in banking and finance, focusing on project and acquisition financing as well as on financial regulations. Tomáš has substantial experience advising clients on significant financing transactions in the areas of real estate, energy, infrastructure, automotive, media
Kinstellar is delighted to announce the promotion to Managing Associate of Martin Holub and Václav Kment, and the promotion to Senior Associate of Tereza Mašková, Matěj Večeřa and Jakub Šťastný in our Prague office. With these promotions the firm acknowledges their dedication, teamwork, consistent high level of client service, legal knowledge and transactional expertise. Martin Holub focuses on real estate, in particular real estate transactions and commercial lease agreements. Assisting clients in drafting, reviewing and negotiating of various agreements, such as share purchase, lease for office premises, development management, construction, and other real-estate related documents. Václav Kment
On 27 December 2022, the Directive on “measures for a high common level of cybersecurity across the Union”, repealing Directive (EU) 2016/1148 (the “NIS 2 Directive”), was published in the Official Journal of the European Union. The NIS 2 Directive builds on a previous NIS Directive adopted in 2016 expanding its scope to other entities. Due to a rising number of cybersecurity incidents as well as ongoing increased digitalization, the aim of the NIS 2 Directive is to cover more economic sectors and to introduce additional security and reporting requirements across all EU Member States. Member States will have until 17 October 2024 to transpose the NIS 2 Directive into their national laws. Our specialists
On Monday, May 30, the Czech National Cyber and Information Security Agency (NÚKIB) issued a fresh warning on potential cybersecurity threats stemming from the use of energy-related technical or software smart metering tools (i.e. smart meters) that do not come from countries deemed to have “trustworthy” legal environments (report available in English here). Assessing the most recent risk to be “High” the NÚKIB’s warning called on so-called obligated entities to “immediately start preparatory work to deploy technology enabling the required level of direct metering,” – meaning types B, C1, C2 or C3, as per the Czech government’s Decree No. 359/2020, on electricity metering. The NÚKIB utilised an existing
Nearly a year has passed since the lapse of the transposition period for the Digital Content Directive and the Sale of Goods Directive, which brought important changes to national consumer protection rules. However, many jurisdictions still have not implemented the Directives. We are closely monitoring the implementation process in our EU jurisdictions. Below is an overview of the implementation status of the Directives in the remaining EU Member States where Kinstellar operates that have not yet implemented the Directivesand a brief summary of the main changes and the expected country-specific implications for business. In addition, we bring you information from several non-EU countries that have taken inspiration from the
Since the war in Ukraine became the main subject of newspaper headlines, the amount of related misinformation spread online has reached new heights. As a result, several governments have adopted legislation that provides tools to combat the spread of misinformation. Below is an overview of legislation used to combat misinformation in the Central and Eastern Europe and Central Asia regions: Bulgaria It is worth noting that on 1 March 2022 the Bulgarian electronic media watchdog decided to suspend the distribution of TV channels “Russia Today” and “Sputnik” in line with the EU response to Russian military activity in Ukraine.
With the invasion of Ukraine and a substantial increase in cyberattacks on governments, critical infrastructure and other strategic targets, the topic of cybersecurity has gained even more importance. Below is an overview of the steps that national security authorities have taken to strengthen national security. Bulgaria On 24 November 2021, the Bulgarian government designated the State e-Government Agency as a national coordination centre for the purposes of Regulation (EU) 2021/887. The establishment of the coordination centre is expected to contribute to achieving a high level of network and information security, thus boosting the standards and
Kinstellar is pleased to announce that Petr Bratský has joined the firm’s Prague office as Head of the local TMT sector and service line. His addition to the firm strengthens our expertise in the TMT area. Petr is an expert in IP/IT/Media and Telecommunications. Before joining Kinstellar, Petr worked more than five years at the leading Czech law firm Havel & Partners. In his practice, he focuses primarily on technology, intellectual property, media and film law and legislative advice. Petr also provides strategic and ad hoc compliance advice on the handling of personal data in various commercial sectors. His expertise includes advising major local and international clients from across different industries
All of us have concerns regarding data privacy in the metaverse. Countless questions come to mind, such as: What is the metaverse? Can a digital personality be considered as personal data? What happens if digital data is processed? In this short article we touch on the metaverse’s main data privacy concerns. What is the metaverse? The metaverse is a virtual world that relies on multiple technologies such as virtual reality, blockchain, artificial intelligence, etc. There is no longer just one world like the real world anymore. A new virtual-world era has begun with the advent of different metaverses such as Horizon, Decentraland, Sandbox, and Upland, and it appears that their number will continue to increase.
The most fundamental factor in the successful protection of personal data is data security. Without an adequate level of data security, it is impossible to create the conditions under which the processing of personal data can be carried out responsibly. One of the most important provisions of the European General Data Protection Regulation (2016/679/EU – abbreviated as GDPR) is the requirement that the data controller and the data processor ensure a level of data security that is proportional to the level of risk involved. And the reason for this is simple: preventing a personal data breach. A personal data breach is the most dangerous situation from a data protection point of view, as not only does it presuppose an infringement