Remember the typical “GDPR comes with huge fines” fearmongering advice? That’s not us.

Your business needs to process personal data and we’re here to help you do that while complying with data protection legislation. The GDPR places many requirements on organizations and data protection compliance is becoming increasingly demanding. That is why we do not sell any one-size-fits-all solutions, and tailor our advice to each individual business and organizational processes. We start by understanding the business needs and we step outside of the “data protection laboratory” into the real world.

The GDPR prescribes two typical roles for an organization: data controller (alone or jointly with other controllers) or data processor. Based on the role in each processing activity, we’ll explain what you need to do to comply with privacy laws. This section is a snapshot of the usual services we provide for organizations.

Assistance in meeting GDPR requirements

GDPR includes a vast array of obligations for data controllers, summed up under the principle of accountability. We regularly help clients implement processes and design mechanisms to demonstrate compliance with all such legal requirements, including the records of pr­­ocessing operations (which we also tailor to the needs of the client), data protection impact assessments (where we assist clients with very complex risk assessments and mitigation), data protection agreements, personal data breach assessments, and not least consultations with the data protection supervisory authority.

Legal design

We are very skilled in drafting information notices and other materials that need to have an accessible language and be easily understood by the general public. Our documents are not just lawyer readable but human readable, ensuring that you meet the GDPR requirements to use an intelligible and easily accessible form, as well as clear and plain language. We also design adequate methods to bring the information to the attention of its addressees, whether this is on a website, on a smart terminal, on a board or others.

Training on EU data protection law

Our customised training programs are constantly hailed as being professional, informative and also fun.  Our practical approach backed by a long experience dealing with data protection issues has been widely praised by our clients.

E-Privacy compliance

Data protection is not just about GDPR. We also advise clients in complying with the requirements related to direct marketing, as well as cookies and other tracking technologies. Moreover, since the future ePrivacy Regulation is currently being negotiated at EU level, we keep our clients informed about the process.




Roxana is an attorney at law since 2012, and starting with 2017, her activity focuses almost exclusively on data protection related matters, being involved in projects for clients in a variety of industries. Roxana began her career by handling primarily IP and IT&C matters. Her previous experience of over 3 years as Senior Contracts Specialist for Oracle, both in the Bucharest and in the London office, gave her valuable exposure to the IT industry and a set of skills of much help to her activity as a lawyer. Roxana's 6 years collaboration with Biriș Goran SPARL was a key element in establishing the partnership between the two law firms, supporting the goal of building a specialized data protection practice, unique in Romania, and offering integrated legal services for clients.


Partner, CIPP/E

Dana has a solid background as a lawyer promoting fundamental rights, and in particular the rights to private life and data protection. Since 2014, after joining the Bucharest Bar, she has been active in transnational legal projects and human rights investigations, often involving complex and interdisciplinary work. Dana also has experience in banking law and has been involved in complex GDPR compliance programs for banks and other large organizations. Dana closely monitors the impact of data protection legislation on the freedom of expression and manages the platform which is aimed at explaining privacy for journalists. She frequently writes articles on data protection related matters and is a CIPP/E and a certified trainer.

We don’t sell GDPR software or templates and we won’t magically make you “GDPR compliant”.

We do, however, come up with practical solutions to your data protection and privacy problems and empower your organisation to learn to handle them in the future.

Current events

Get in Touch with Us

Bucharest, Bd. Aviatorilor nr. 47, etaj 2, sector 1, 011853, Romania

Email: [email protected]