+40 31 123 4567 contact@lexum.ro Mon - Fri, 09:00 - 18:00
GDPR & Data Protection

GDPR Updates 2026: What Changes for Businesses

Radu Mihăescu 15 May 2026

The European Data Protection Board has published new guidelines on international data transfers. What this means for Romanian companies using cloud and outsourced services.

Background

In January 2026, the EDPB published Guidelines 03/2026 updating the framework for data transfers to third countries.

What changes

  • Revised Standard Contractual Clauses
  • Mandatory assessment of government access risks
  • Additional documentation of supplementary measures

What you need to do

If you use US cloud providers (AWS, Azure, Google Cloud) or outsourced services:

  1. Map your transfers: each data category, destination and legal basis
  2. Review your mechanisms: SCCs, Binding Corporate Rules, derogations
  3. Document a Transfer Impact Assessment (TIA)
  4. Review annually

Non-compliance can result in fines of up to 4% of global annual turnover.

Contact us for a dedicated GDPR audit.

Ai o situație similară?

Programează o consultație cu un avocat specializat.

Schedule a consultation