DPDPA is now in force in India. Run a free privacy scan on your site. Scan now

🇷🇴 European Union

Cookie consent in România

Consent and privacy law in România

In short
Romania enforces the GDPR through the ANSPDCP, implemented by Law 190/2018. Cookie rules derive from Law 506/2004 on the processing of personal data in electronic communications, which requires consent for non-essential cookies. The ANSPDCP has issued fines for insufficient security and for failures to obtain valid consent. Romanian guidance requires opt-in consent and clear information in Romanian. The authority treats online identifiers as personal data and expects controllers to document the legal basis for tracking. Banners should offer an easy reject path and avoid relying on implied consent from continued use.
Authority
Autoritatea Națională de Supraveghere a Prelucrării Datelor cu Caracter Personal (ANSPDCP)
Status

GDPR applies since 25 May 2018, with national Law 190/2018

Primary law
GDPR
Languages

ro

Who must comply

Any organization that offers goods or services to people in the EU or monitors their behavior, wherever the organization is based.

Penalties

Up to 20 million euros or 4 percent of global annual turnover, whichever is higher

Key obligations

  • Obtain prior, opt-in consent before non-essential cookies
  • Make refusing as easy as accepting
  • Keep records that prove consent
  • Honor withdrawal at any time
  • Respect data subject rights (access, erasure, portability)

Local guidance

  • Obtain consent under Law 506/2004 for non-essential cookies
  • Provide notices in Romanian
  • Document the legal basis for tracking
  • Avoid implied consent from continued browsing

How ConsentX helps

  • Prior-script blocking for true opt-in
  • Equal-weight Allow and Reject controls
  • Tamper-evident consent receipts and evidence
  • One-click withdrawal trigger
  • Built-in DSAR workflow with 30-day SLA
Get started free
yoursite.com
🇷🇴 Romania

We value your privacy

We ask for your consent before any non-essential cookie, with the rules that apply in your region.

Allow allReject non-essentialManage preferences

This page is a plain-English summary for general information and is not legal advice. Confirm your obligations with qualified local counsel.

How to comply with Romania using ConsentX

  1. 1

    Scan your website

    Run a free scan to find every cookie and tracker on your site, so you know exactly what needs consent under Romania.

  2. 2

    Show a geo-aware consent banner

    Add the ConsentX banner. It detects each visitor region and shows the consent experience that Romania requires, automatically.

  3. 3

    Block trackers until consent

    Keep non-essential cookies and trackers blocked until the visitor agrees, so nothing fires before consent.

  4. 4

    Record tamper-evident proof

    Every choice is stored as a tamper-evident consent receipt you can produce in a Romania audit.

  5. 5

    Handle data requests on time

    Use the built-in DSAR workflow with SLA timers to answer access, deletion and opt-out requests within the legal deadline.

Frequently asked questions

Which law governs cookies in Romania?+

Law 506/2004 on electronic communications privacy governs cookies and requires consent for non-essential cookies, alongside the GDPR enforced by the ANSPDCP.

What language should Romanian cookie notices use?+

Cookie notices for a Romanian audience should be in Romanian, with clear information about each tracking purpose and an easy way to reject.

Governing law

🇪🇺 GDPR

Other countries in European Union

🇩🇪 Deutschland🇫🇷 France🇪🇸 España🇮🇹 Italia🇳🇱 Nederland🇧🇪 België / Belgique🇵🇱 Polska🇵🇹 Portugal🇸🇪 Sverige🇦🇹 Österreich🇮🇪 Éire / Ireland🇩🇰 Danmark