{"id":160,"date":"2026-01-20T00:00:00","date_gmt":"2026-01-19T23:00:00","guid":{"rendered":"https:\/\/helloblog.io\/ro\/checklist-gdpr-proprietari-site-ghid-complet\/"},"modified":"2026-01-20T00:00:00","modified_gmt":"2026-01-19T23:00:00","slug":"checklist-gdpr-proprietari-site-ghid-complet","status":"publish","type":"post","link":"https:\/\/helloblog.io\/ro\/checklist-gdpr-proprietari-site-ghid-complet\/","title":{"rendered":"GDPR checklist for website owners: a complete guide (with practical steps and notes for WordPress)"},"content":{"rendered":"\n<p>GDPR (General Data Protection Regulation) remains one of the strictest and most comprehensive privacy regulations. If your site (blog, online store, SaaS, application) processes personal data of EU residents, compliance is not optional, regardless of where your company or servers are located.<\/p>\n\n\n\n<p>Beyond the operational requirements (policies, processes, contracts), GDPR also carries real risk: fines can reach up to <strong>20 million EUR<\/strong> or <strong>4% of global annual turnover<\/strong> (whichever is higher). The checklist below is designed as a practical tool for website owners and technical teams who need to put things in order and be able to demonstrate compliance.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">What GDPR is (briefly, but accurately)<\/h2>\n\n\n\n<p>GDPR is the European Union's legal framework, applicable since <strong>25 May 2018<\/strong>, which sets clear rules on how personal data is collected, used, stored and shared. 
The Regulation applies both to organizations in the EU and to those outside the EU, if they process personal data of EU residents.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Understand your role: Controller vs Processor<\/h2>\n\n\n\n<p>In practice, compliance starts with one clarification: who decides \u201cwhy\u201d and \u201chow\u201d the data is processed, and who merely carries out the processing on someone else's behalf.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>Data Controller<\/strong>: the organization that determines the purpose and means of processing personal data (usually the owner of the business\/site). It bears the primary responsibility for GDPR compliance.<\/li>\n\n\n<li><strong>Data Processor<\/strong>: the third party that processes personal data on behalf of a controller (for example, a SaaS vendor, an email marketing service, sometimes even a hosting provider, depending on the contractual relationship). It must have appropriate technical and organizational measures in place.<\/li>\n\n\n<li><strong>Data Subject<\/strong>: the natural person whose data is processed. GDPR exists to protect their rights.<\/li>\n\n<\/ul>\n\n\n\n<p>Note: the same organization can be both Controller and Processor, depending on the context of each data flow.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">The 7 GDPR principles (the basis for any implementation)<\/h2>\n\n\n\n<p>Before you tick off documents and banners, it is worth checking whether your technical decisions respect the core principles. 
GDPR treats them as the foundation for everything else.<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li><strong>Lawfulness, fairness and transparency<\/strong>: process data lawfully and tell people clearly what you do with it.<\/li>\n\n\n<li><strong>Purpose limitation<\/strong>: collect data only for specific and legitimate reasons.<\/li>\n\n\n<li><strong>Data minimization<\/strong>: collect strictly the minimum necessary.<\/li>\n\n\n<li><strong>Accuracy<\/strong>: data must be correct and up to date.<\/li>\n\n\n<li><strong>Storage limitation<\/strong>: do not keep data longer than necessary.<\/li>\n\n\n<li><strong>Integrity and confidentiality<\/strong>: protect data against unauthorized access through appropriate security measures.<\/li>\n\n\n<li><strong>Accountability<\/strong>: you must be able to demonstrate that you comply with GDPR (not merely declare it).<\/li>\n\n<\/ol>\n\n\n\n<h2 class=\"wp-block-heading\">Complete GDPR compliance checklist<\/h2>\n\n\n\n<p>Below is a checklist organized by area. Each item states who it applies to and gives references to GDPR articles (exactly as they appear in the Regulation).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">1) Data (inventory, flows, policies)<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">1.1 You have a list of all types of personal information you hold, their source, who you share them with, what you do with them and how long you keep them<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>This means concrete data types (in practice, \u201ccolumns\u201d): name, email, address, online identifiers, possibly personal identification number (CNP)\/document number (if any), IP, etc. 
For each type, document the source, the recipients (if you share with third parties), the purpose of processing and the retention period (how long you keep it).<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 30<\/strong> \u2013 Records of processing activities<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1.2 You have a list of the places where you keep personal data and of how data \u201cflows\u201d between them<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>This is not only about databases (MySQL, for example), but also offline storage (paper), CSV exports, logs, backups, support inboxes, marketing tools, CRMs, etc. What matters is understanding the flow: where data enters, where it ends up, who has access and how it propagates.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 30<\/strong> \u2013 Records of processing activities<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1.3 You have a public, accessible privacy policy that describes all processes related to personal data<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>The policy must cover the processes relevant to personal data and, ideally, include (or link to) the types of data kept and the locations\/media in which they are kept.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 30<\/strong> \u2013 Records of processing activities<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">1.4 The privacy policy includes the lawful basis on which you process personal data<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>You must explain why you need to process the data. 
A typical example is the performance of a contract (for example, delivering a product\/service).<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 6<\/strong> \u2013 Lawfulness of processing<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">2) Accountability &#038; Management (governance, security, contracts)<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">2.1 You have appointed a Data Protection Officer (DPO), if you fall under the cases where it is mandatory<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>A DPO is required only in three scenarios:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>The processing is carried out by a public authority or body, except for courts acting in their judicial capacity.<\/li>\n\n\n<li>The core activities of the business consist of operations which, by their nature, scope and\/or purposes, require regular and systematic monitoring of data subjects on a large scale.<\/li>\n\n\n<li>The core activities of the business consist of large-scale processing of special categories of data (sensitive data) under <strong>Article 9<\/strong> and of data relating to criminal convictions\/offenses under <strong>Article 10<\/strong>.<\/li>\n\n<\/ol>\n\n\n\n<p>If you need a DPO, that person must know the GDPR guidelines and understand the internal processes that involve personal data.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 37<\/strong> \u2013 Designation of the data protection officer<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2.2 You build awareness of the GDPR guidelines among decision-makers<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>Those who make decisions (management, product owner, marketing, IT) must have up-to-date knowledge of data protection law; otherwise you will end up with \u201cpaper compliance\u201d and lapses in practice.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 25<\/strong> \u2013 Data protection by design and by default<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2.3 Technical security is up to date<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>Especially in SaaS companies, it is useful to start from security checklists and make sure the necessary technical measures are implemented and maintained.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 25<\/strong> \u2013 Data protection by design and by default<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2.4 You train staff on data protection<\/h4>\n\n\n\n<p><em>Applies to: Data Processor<\/em><\/p>\n\n\n\n<p>Many breaches start with the \u201chuman factor\u201d: a well-intentioned person who has access to internal systems and falls for a phishing\/social engineering scenario. 
Training reduces this risk.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 25<\/strong> \u2013 Data protection by design and by default<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2.5 You have a list of sub-processors and your policy mentions their use<\/h4>\n\n\n\n<p><em>Applies to: Data Processor<\/em><\/p>\n\n\n\n<p>If you use other vendors to deliver your service (for example, infrastructure, email delivery, analytics), you must inform your customers about these sub-processors, and acceptance of the privacy policy serves as the consent mechanism for this transparency.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 28<\/strong> \u2013 Processor<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2.6 If you operate outside the EU, you have a representative in the EU<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>If the business is outside the EU but you collect data about EU citizens\/residents, you must appoint a representative in a member state. The representative handles matters related to processing and must be reachable by local authorities.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 27<\/strong> \u2013 Representatives of controllers or processors not established in the Union<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2.7 You report personal data breaches to the local authority and to the affected individuals<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>Breaches involving personal data must be reported to the local authority within <strong>72 hours<\/strong>. 
The report should include what data was lost, the consequences and the countermeasures taken. In addition, if the leaked data was not encrypted, you must also inform the data subject whose data was compromised.<\/p>\n\n\n\n<p><strong>References:<\/strong> GDPR <strong>Article 33<\/strong> \u2013 Notification of a personal data breach to the supervisory authority; GDPR <strong>Article 34<\/strong> \u2013 Communication of a personal data breach to the data subject<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">2.8 You have contracts with every data processor you share data with<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>The contract must contain explicit instructions on how the processor stores\/processes data and must set out: the subject matter and duration of the processing, its nature and purpose, the types of personal data, the categories of data subjects, plus the obligations and rights of the controller.<\/p>\n\n\n\n<p>Example: a contract with the hosting provider. 
The same contractual requirements apply when a processor engages a sub-processor to help it carry out its processing activities on behalf of the controller.<\/p>\n\n\n\n<p><strong>References:<\/strong> GDPR <strong>Article 28<\/strong> \u2013 Processor; GDPR <strong>Article 29<\/strong> \u2013 Processing under the authority of the controller or processor<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">3) New rights (operationalization: requests, export, deletion)<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">3.1 Customers\/users can easily request access to their personal data<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>You need a clearly defined process for access requests (DSARs).<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 15<\/strong> \u2013 Right of access by the data subject<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3.2 Customers\/users can easily update their personal data so that it stays accurate<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>You must provide a mechanism through which users can correct inaccurate data.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 16<\/strong> \u2013 Right to rectification<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3.3 You automatically delete data the business no longer needs<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>Deletion should be automated as far as possible. 
Example: automatically deleting the data of customers whose contracts were not renewed.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 5<\/strong> \u2013 Principles relating to processing of personal data<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3.4 Customers\/users can easily request deletion of their data (the right to be forgotten)<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>You need a clear process for erasure requests (right to be forgotten).<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 17<\/strong> \u2013 Right to erasure (&#8216;right to be forgotten&#8217;)<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3.5 Customers\/users can easily ask you to stop processing their data<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>Users have the right to restrict how their data is processed.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 18<\/strong> \u2013 Right to restriction of processing<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3.6 Customers\/users can easily request that their data be delivered to them or to a third party<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>Data portability means users can request their data in a structured, commonly used and machine-readable format.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 20<\/strong> \u2013 Right to data portability<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">3.7 Customers\/users can easily object to profiling or to automated decisions that may affect them<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>This item is relevant only if you do profiling or other forms of automated decision-making.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 22<\/strong> \u2013 Automated individual decision-making, including profiling<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">4) Consent<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">4.1 When processing is based on consent, it must be freely given, specific, informed and revocable<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>If the site collects personal data, there must be a visible link to the privacy policy and you must confirm that the user accepts the terms\/conditions. Consent requires an affirmative action: <strong>pre-ticked boxes are not allowed<\/strong>.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 7<\/strong> \u2013 Conditions for consent<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">4.2 The privacy policy is written clearly and is easy to understand<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>It must be simple, clear and must not hide its intent. If it is not, consent may be invalid. 
And if you offer services to children, the text must be accessible enough for them.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 7.2<\/strong> \u2013 Conditions for consent<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">4.3 Withdrawing consent is as easy as giving it<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>You are not allowed to make \u201cunsubscription\u201d harder than \u201csubscription\u201d.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 7.3<\/strong> \u2013 Conditions for consent<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">4.4 If you process children's data, you verify age and ask for the legal guardian's consent<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>For children under 16, you must make sure a legal guardian has consented to the processing. If consent is given via the site, you must try to confirm that the approval really was given by the guardian (not by the child).<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 8<\/strong> \u2013 Conditions applicable to child&#8217;s consent in relation to information society services<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">4.5 When you update the privacy policy, you inform existing customers<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>For example, by email about the upcoming changes. 
The communication should explain simply what has changed.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 7<\/strong> \u2013 Conditions for consent<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">5) Follow-up (continuous review)<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">5.1 You review policies regularly: changes, effectiveness, changes in how you process data and changes in the situation of the countries data \u201cflows\u201d to<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>GDPR is not a \u201cone-off\u201d project. You must keep track of best practices, internal changes (new tools, new plugins, new flows) and changes in the legal environment, including in the countries you transfer data to.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 25<\/strong> \u2013 Data protection by design and by default<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">6) Special cases<\/h3>\n\n\n\n<h4 class=\"wp-block-heading\">6.1 You understand when you must carry out a DPIA for high-risk processing<\/h4>\n\n\n\n<p><em>Applies to: Data Controller<\/em><\/p>\n\n\n\n<p>This obligation arises particularly with large-scale processing, profiling and other activities that pose a high risk to individuals' rights and freedoms. 
In such situations, a Data Protection Impact Assessment (DPIA) must be carried out.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 35<\/strong> \u2013 Data protection impact assessment<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">6.2 You transfer data outside the EU only to countries with an adequate level of protection (and disclose the transfers in your policy)<\/h4>\n\n\n\n<p><em>Applies to: Data Controller, Data Processor<\/em><\/p>\n\n\n\n<p>In addition, these cross-border flows must be mentioned in the privacy policy. If you transfer to countries without an adequate level of protection, use <strong>Standard Contractual Clauses (SCCs)<\/strong> or <strong>Binding Corporate Rules (BCRs)<\/strong>.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 45<\/strong> \u2013 Transfers on the basis of an adequacy decision<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">User rights (Data Subject Rights): what you must be able to support in practice<\/h2>\n\n\n\n<p>On the product and operations side, the rights below must be covered by working processes and mechanisms (not merely mentioned in the policy).<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to transparent information<\/h3>\n\n\n\n<p>The controller must take appropriate measures to provide information about processing in a concise, transparent, intelligible and easily accessible form, using clear and plain language, in particular when the information is addressed to a child. 
The information may be provided in writing or by other means, including electronically.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 12<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to receive specific information when data is collected directly<\/h3>\n\n\n\n<p>You must provide at least the following information:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>The identity and contact details of the controller<\/li>\n\n\n<li>The contact details of the DPO (where applicable)<\/li>\n\n\n<li>The purposes of the processing and the legal basis<\/li>\n\n\n<li>The legitimate interests pursued by the controller (where applicable)<\/li>\n\n\n<li>The recipients or categories of recipients of the personal data<\/li>\n\n\n<li>Information about transfers to third countries<\/li>\n\n<\/ol>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 13<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to receive specific information when data is not collected directly<\/h3>\n\n\n\n<p>When you obtain data from sources other than the data subject, you must provide similar information, including the categories of personal data concerned and the source of the data.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 14<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right of access<\/h3>\n\n\n\n<p>The data subject has the right to obtain confirmation as to whether their data is being processed, and access to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>the purposes of the processing<\/li>\n\n\n<li>the categories of personal data concerned<\/li>\n\n\n<li>the recipients to whom the data has been or will be disclosed<\/li>\n\n\n<li>the envisaged retention period<\/li>\n\n\n<li>the existence of the rights to rectification, erasure, restriction and objection<\/li>\n\n\n<li>the right to lodge a complaint with a supervisory authority<\/li>\n\n\n<li>information about the source of the data (if it was not collected from the data subject)<\/li>\n\n\n<li>the existence of automated decision-making, including profiling<\/li>\n\n<\/ul>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 15<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to rectification<\/h3>\n\n\n\n<p>The data subject can request, without undue delay, the rectification of inaccurate data and the completion of incomplete data.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 16<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to erasure (right to be forgotten)<\/h3>\n\n\n\n<p>The data subject can request erasure of personal data when:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>The data is no longer necessary for the original purpose<\/li>\n\n\n<li>Consent is withdrawn and there is no other legal basis<\/li>\n\n\n<li>The person objects to the processing and there are no overriding legitimate grounds<\/li>\n\n\n<li>The data was processed unlawfully<\/li>\n\n\n<li>The data must be erased to comply with a legal obligation<\/li>\n\n\n<li>The data was collected in relation to information society services offered to a child<\/li>\n\n<\/ol>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 17<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to restriction of processing<\/h3>\n\n\n\n<p>The data subject can obtain restriction of processing when:<\/p>\n\n\n\n<ol class=\"wp-block-list\">\n\n<li>They contest the accuracy of the data (for the period needed for verification)<\/li>\n\n\n<li>The processing is unlawful and they oppose erasure<\/li>\n\n\n<li>The controller no longer needs the data, but the person requires it for the establishment, exercise or defense of legal claims<\/li>\n\n\n<li>The person has objected to the processing, pending verification of the legitimate grounds<\/li>\n\n<\/ol>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 18<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to be notified regarding rectification, erasure or restriction<\/h3>\n\n\n\n<p>The controller must communicate the rectification\/erasure\/restriction to each recipient to whom the data was disclosed, unless this is impossible or involves disproportionate effort.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 19<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to data portability<\/h3>\n\n\n\n<p>The data subject has the right to receive the data in a structured, commonly used and machine-readable format and to transmit it to another controller without hindrance.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 20<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right to object<\/h3>\n\n\n\n<p>The data subject can object at any time, on grounds relating to their particular situation, to processing based on legitimate interest or public interest, including profiling.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR <strong>Article 21<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Right not to be subject to a solely automated decision<\/h3>\n\n\n\n<p>The data subject has the right not to be subject to a decision based solely on automated processing (including profiling) which produces legal effects or similarly significantly affects them.<\/p>\n\n\n\n<p><strong>Reference:<\/strong> GDPR 
<strong>Article 22<\/strong><\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Practical implementation steps (for real sites, not just documents)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">1) Secure the site<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Install an <strong>SSL certificate<\/strong> (HTTPS) to encrypt data between the browser and the server<\/li>\n\n\n<li>Use <strong>strong passwords<\/strong> for all admin accounts<\/li>\n\n\n<li>Add <strong>extra protection<\/strong> for handling payment information<\/li>\n\n\n<li>Use a <strong>CDN<\/strong> that offers protection against DDoS attacks<\/li>\n\n\n<li>Use <strong>anti-virus<\/strong> to prevent unauthorized access<\/li>\n\n\n<li>Apply <strong>data minimization<\/strong>: collect only what is necessary<\/li>\n\n\n<li>Apply <strong>pseudonymization<\/strong> or <strong>anonymization<\/strong> before storage, where it makes sense<\/li>\n\n\n<li>Keep <strong>backups<\/strong> in several secure locations<\/li>\n\n\n<li><strong>Delete data<\/strong> when it is no longer needed<\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">2) Add a proper Cookie Consent Banner<\/h3>\n\n\n\n<p>If the site uses non-essential cookies, you need explicit consent before activating them.<\/p>\n\n\n\n<p>A compliant cookie banner must do the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>Blocks cookies until consent<\/strong>: loads only the necessary cookies until the user makes an explicit choice<\/li>\n\n\n<li>Uses <strong>plain, clear language<\/strong>: explains which cookies you use and why<\/li>\n\n\n<li>Shows <strong>equal Accept\/Reject buttons<\/strong>: does not hide the reject option<\/li>\n\n\n<li>Offers <strong>granular options<\/strong>: the user can choose specific categories<\/li>\n\n\n<li>Allows <strong>withdrawal of consent<\/strong>: an easy way to change preferences later<\/li>\n\n\n<li><strong>Records consent<\/strong>: stores choices with a timestamp so you can demonstrate compliance<\/li>\n\n<\/ul>\n\n\n\n<div class=\"wp-block-group callout callout-warning is-style-warning is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Important<\/h4>\n\n\n<p>Scrolling or a lack of interaction does NOT constitute consent.<\/p>\n\n<\/div>\n\n\n\n<h3 class=\"wp-block-heading\">3) Review the forms on the site<\/h3>\n\n\n\n<p>Any form that collects personal data must be aligned with GDPR. 
In practice, check the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Include a <strong>privacy statement<\/strong> that explains why you need the data<\/li>\n\n\n<li>Add an <strong>unticked checkbox<\/strong> for consent<\/li>\n\n\n<li>Offer a <strong>separate opt-in<\/strong> for marketing communications<\/li>\n\n\n<li>Link to the <strong>Privacy Policy<\/strong><\/li>\n\n\n<li>Use <strong>clear, plain language<\/strong><\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">4) Obtain consent for marketing emails<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Use only <strong>clear opt-in<\/strong>: an explicitly unticked checkbox for email consent<\/li>\n\n\n<li>Implement <strong>double opt-in<\/strong>: confirmation by email after sign-up<\/li>\n\n\n<li>Keep <strong>records of consent<\/strong>: date, time, method and purpose<\/li>\n\n\n<li>Include a <strong>visible unsubscribe<\/strong> link: one-click unsubscribe in every email<\/li>\n\n\n<li>Process unsubscribes quickly: ideally within <strong>24 hours<\/strong><\/li>\n\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">5) Prepare for incidents and data breaches<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Notify the supervisory authority within <strong>72 hours<\/strong><\/li>\n\n\n<li>Notify affected users if there is a high risk to their rights<\/li>\n\n\n<li>Document everything for accountability<\/li>\n\n\n<li>Update policies and measures to prevent recurrence<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Considerations specific to 
WordPress<\/h2>\n\n\n\n<p>If you run on WordPress, there are a few very concrete points worth treating as an operational checklist:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>Keep <strong>WordPress core<\/strong>, themes and plugins up to date<\/li>\n\n\n<li>Use contact form plugins that support GDPR options (including consent checkboxes)<\/li>\n\n\n<li>Install a serious <strong>cookie consent<\/strong> solution (one that can block non-essential scripts\/cookies until opt-in)<\/li>\n\n\n<li>Use an <strong>analytics<\/strong> solution compatible with GDPR requirements<\/li>\n\n\n<li>Review the data collection practices of your plugins (what they send, where they send it, what they store)<\/li>\n\n\n<li>Implement <strong>data export\/deletion<\/strong> features for users (for DSAR-type requests)<\/li>\n\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">Fines and consequences (beyond money)<\/h2>\n\n\n\n<p>GDPR has two tiers of financial penalties:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li><strong>Lower tier violations<\/strong>: up to <strong>10 million EUR<\/strong> or <strong>2%<\/strong> of global annual turnover<\/li>\n\n\n<li><strong>Upper tier violations<\/strong>: up to <strong>20 million EUR<\/strong> or <strong>4%<\/strong> of global annual turnover<\/li>\n\n<\/ul>\n\n\n\n<p>Beyond fines, authorities can also apply measures such as:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n\n<li>warnings<\/li>\n\n\n<li>a temporary or permanent ban on processing<\/li>\n\n\n<li>ordering the deletion of data<\/li>\n\n\n<li>restricting data transfers<\/li>\n\n<\/ul>\n\n\n\n<h2 
class=\"wp-block-heading\">\u00centreb\u0103ri frecvente (FAQ)<\/h2>\n\n\n\n<h3 class=\"wp-block-heading\">Ce este un GDPR compliance checklist?<\/h3>\n\n\n\n<p>Un GDPR compliance checklist este o list\u0103 de ac\u021biuni pe care trebuie s\u0103 le faci pentru a respecta GDPR. Te ajut\u0103 s\u0103 identifici zonele \u00een care trebuie \u00eembun\u0103t\u0103\u021bite practicile de protec\u021bie a datelor.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Cine este responsabil pentru conformarea GDPR?<\/h3>\n\n\n\n<p>Data controller (de regul\u0103 proprietarul site-ului\/business-ului) este responsabilul principal. Data processors au \u0219i ei obliga\u021bii de conformare.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Se aplic\u0103 GDPR companiilor din SUA?<\/h3>\n\n\n\n<p>Da, dac\u0103 procesezi date personale ale reziden\u021bilor din UE \u2014 indiferent unde este localizat business-ul.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Care este penalitatea maxim\u0103 pentru neconformare?<\/h3>\n\n\n\n<p>P\u00e2n\u0103 la 20 milioane EUR sau 4% din cifra de afaceri anual\u0103 global\u0103, oricare este mai mare.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Am nevoie de cookie banner?<\/h3>\n\n\n\n<p>Da, dac\u0103 site-ul folose\u0219te cookie-uri non-esen\u021biale \u0219i ai vizitatori din UE.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Am nevoie de Data Protection Officer (DPO)?<\/h3>\n\n\n\n<p>Doar dac\u0103: (1) e\u0219ti autoritate public\u0103, (2) activit\u0103\u021bile de baz\u0103 implic\u0103 monitorizare regulat\u0103 \u0219i sistematic\u0103 la scar\u0103 larg\u0103, sau (3) prelucrezi date sensibile la scar\u0103 larg\u0103.<\/p>\n\n\n\n<div class=\"wp-block-group callout callout-info is-style-info is-layout-flow wp-block-group-is-layout-flow\" style=\"border-width:1px;border-radius:8px;padding-top:1rem;padding-right:1.5rem;padding-bottom:1rem;padding-left:1.5rem\">\n\n<h4 class=\"wp-block-heading callout-title\">Not\u0103 important\u0103<\/h4>\n\n\n<p>Acest 
checklist este un ghid general \u0219i nu reprezint\u0103 consultan\u021b\u0103 juridic\u0103. Pentru decizii aplicabile unei situa\u021bii specifice, discut\u0103 cu un specialist juridic.<\/p>\n\n<\/div>\n\n\n\n<p>Textul complet al regulamentului este disponibil aici: <a href=\"https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj\">https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj<\/a><\/p>\n\n\n<div class=\"references-section\">\n                <h2>Referin\u021be \/ Surse<\/h2>\n                <ul class=\"references-list\"><li><a href=\"https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj\" target=\"_blank\" rel=\"noopener noreferrer\">GDPR Compliance Checklist: The Complete Guide for Website Owners<\/a><\/li><li><a href=\"https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj\" target=\"_blank\" rel=\"noopener noreferrer\">Regulation (EU) 2016\/679 (General Data Protection Regulation)<\/a><\/li><\/ul>\n            <\/div>","protected":false},"excerpt":{"rendered":"<p>GDPR nu e doar un text juridic: pentru un site, \u00eenseamn\u0103 inventarierea datelor, procese clare, consim\u021b\u0103m\u00e2nt corect \u0219i m\u0103suri de securitate care pot fi demonstrate. 
Below is a complete checklist, with article references and practical steps that also apply to WordPress.<\/p>\n","protected":false},"author":31,"featured_media":159,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[9],"tags":[79,80,78,82,10],"class_list":["post-160","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-securitate","tag-confidentialitate","tag-cookie-consent","tag-gdpr","tag-securitate-web","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/posts\/160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/users\/31"}],"replies":[{"embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/comments?post=160"}],"version-history":[{"count":0,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/posts\/160\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/media\/159"}],"wp:attachment":[{"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/media?parent=160"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/categories?post=160"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/helloblog.io\/ro\/wp-json\/wp\/v2\/tags?post=160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}