GDPR & Intellectual Property

The General Data Protection Regulation (GDPR — EU Regulation 2016/679) imposes obligations on companies processing personal data of EU residents.

Minimum obligations for a typical Romanian company:

• Privacy policy published on the website
• Information notice upon data collection
• Explicit consent for non-essential processing
• Internal processing register
• Agreement with data processors (cloud, mailing list, etc.)
• Incident notification procedure (72 hours to ANSPDCP — National Authority for Personal Data Protection)
• DPO appointed if you process sensitive data or on a large scale

Maximum fines: 20 million EUR or 4% of global turnover. We assist SMEs and large companies in complete GDPR implementation.

Trademark registration procedure at OSIM (Romania) or EUIPO (European Union):

1. Anteriority research — verification whether similar trademarks are already registered. Critical for avoiding oppositions and application rejection.
2. Application filing — with clear list of Nice classes (international classification of products/services). A trademark covers only the paid classes.
3. Formal + substantive examination — OSIM/EUIPO verifies legal conditions (distinctive character, non-misleading, non-confusing)
4. Publication — in the Trademark Bulletin; opposition period 2 months (RO) or 3 months (EU)
5. Registration — certificate valid 10 years, renewable

Total term: 4-9 months if no oppositions. OSIM costs: ~700-1500 RON for 1-3 classes. EUIPO costs: ~850-1200 EUR for 1-3 classes. Plus lawyer fee.

ANSPDCP (data protection authority) sanctions can be devastating. The amount depends on:

• Severity of violation — lack of policy = light violation; sensitive data exposure = serious
• Number of affected persons
• Cooperation with the authority — company's attitude during inspection
• Turnover — sanctions are percentage-based

Caps:

• Category 1 (lack of policies, register, DPO): max 10 million EUR or 2% of global turnover
• Category 2 (violations of processing principles, lack of consent): max 20 million EUR or 4% of global turnover

In Romania, ANSPDCP practice shows actual sanctions of 5,000-200,000 EUR for typical SMEs — but in serious cases, much larger amounts.

NO. Content found on the internet is protected by implicit copyright, without the need for registration. Use without authorization is infringement, sanctionable civilly and sometimes criminally.

Exceptions (use permitted without authorization):

• Short quote with source indication — for criticism, review, education
• Public domain content — over 70 years from author's death
• Creative Commons content — verify the exact license type
• Paid stock images — verify license terms (commercial use?)

Real risk: copyright fines + damages (sometimes 1,000-10,000 EUR per image for unauthorized commercial use). Recommendation: use only your own content, paid, or with explicitly verified license.

The answer depends on the legal nature of the relationship:

• Employee with employment contract — patrimonial rights belong to the employer automatically (Law 8/1996, Article 74), for works created in fulfillment of duties. Moral rights remain with the author.
• Independent contractor (freelancer) — rights remain with the author, unless there is an express assignment clause. Standard service contracts do NOT automatically transfer IP rights.
• Co-creation with founders — ambiguous situation, generates major disputes upon co-founders' separation.

Critical recommendation for startups: IP rights assignment contracts signed with all code contributors — founders, freelancers, employees (supplementary to the employment contract). Without this, company value at due diligence for investors is drastically reduced.