This volume represents a contribution of the activity of the members of the Research Center for data protection, established within the University of Medicine, Pharmacy, Sciences and Technology "George Emil Palade" from Targu Mures.
The research center is a laboratory that has actively contributed throughout its activity to supporting the socio-economic environment in Romania in raising awareness of the importance of personal data protection and the usefulness of adopting implementing measures and complying with specific legislation to protect privacy and personal data. Along these lines of study and analysis, the laboratory has created a series of forms that can be a useful tool for public institutions and economic agents, to have a managerial, economic and administrative activity oriented in the spirit of protecting the privacy of individuals. The laboratory benefited from primary data provided by private agencies working in the field of consulting. Each form or document has a justification and substantiation of the need for its adoption. These justifications and substantiations are a form of practical guidance for implementation. The specificity of the forms is given especially by the activity of the local public administration, but it is easily adaptable by those interested for the central public administration or to private companies, especially those in the category of data operators who have the obligation to appoint a data protection officer.
The paper presents a practical importance because it facilitates at the level of data operators the implementation of the General Regulation on Data Protection, given that a body of specialists in this field is only in training in Romania. Precisely for this reason, problems will be encountered, reflected by these forms and models, detached from the daily practical activity. Probably the most delicate of these is the issue of a Data Protection Officer (DPO) status, because the operationalization of this function generates in companies and institutions certain reluctance and tense moments, which can lead to some inefficiency in the application of the regulation.
The paper is easily accessible to those who, although they do not have a specialization in the field of data protection, have managerial attributions and are interested in making decisions in compliance with the legislation specific to this field. For example, the head of a technical department should be interested in adopting a policy of using the GPS (Global Position System) system on company vehicles, which must be done by taking into account the General Data Protection Regulation.
The paper has a deep practical character, allowing the data controller and the data protection officer to adopt a strategic position when it comes to the implementation of the General Regulation on Data Protection. The models and forms included in the volume must be read carefully by each Data Protection Officer, after which he should recommend the adoption of any of it only with proposals that reflect the specifics of each data controller. Perhaps this is the most important practical idea suggested here, namely never to focus on purchasing "putties" of models and forms, forgetting that the implementation is specific to each issue. This volume provides means for a correct and justified implementation, without claiming neither the exhaustiveness of the implementation modalities nor the exhaustion of the possible models in different fields. The paper is elaborated exclusively based on the authors' experience, being addressable to those who need implementation, public institutions and economic agents. Those who have in their attributions to contribute to the implementation of the RGPD, will discover in the document models a series of instructions and criteria for which to proceed step by step to the implementation. When a particular activity involves higher risks and the amount of personal data processed is considerable or, moreover, sensitive, the data protection officer must support the adoption of specific policies and compliant procedures.
The laboratory of the research center benefited from the collaboration of SC Amplusnet SRL from Targu Mures, meaning that the rights over the work are distributed both at the center and at the level of the collaborator. In this way I would like to thank them and I hope to consolidate and further develop this partnership.
At the same time, I would like to thank the "George Emil Palade" University for the research facilities provided and the positive effervescence in the field of research.
I would also like to thank the members of the center, co-authors of this paper, who contributed to its elaboration, namely Darius Farcas, Hilda Sumalan, Raul Miron, Laurentiu Bucur, Augustin Farcas, Cornelia Sus, Dumitru Cazac and Laurentiu Ricu with the thought that this paper falls in a series of practical works. Subsequently, the two volumes will be supplemented with a scientific study on the fundamental problems in public administration that were generated by the application of the General Regulation on Data Protection.
I also thank the director of the Editura Universitara and his collaborators for their support in publishing this volume.
Dr. Nicolae Ploesteanu
Targu Mures, September 2019