Gorici Legal Logo

Tech & GDPR

Get in touch
Practice Areas

Technology moves fast - legal should keep up without slowing you down. Gorici Legal advises startups and SMEs on tech law and GDPR compliance in Romania, combining clear documentation with practical implementation. Based in Bucharest and Timișoara, available nationwide across Romania.

GDPR compliance & DPIA (risk-based)

We build GDPR compliance in Romania that works in practice: Data Protection Impact Assessments (DPIA), privacy mapping, lawful basis analysis, retention rules, internal procedures and audit-ready documentation tailored to your business model.

Data processing agreements & vendor risk

Drafting and negotiating Data Processing Agreements (DPAs) and related clauses—controller/processor roles, sub-processors, security, breach handling, audits and liability—as well as contractual review of vendors handling personal data or critical services.

Privacy policies, cookies & website terms

We prepare privacy policies, cookie notices and website terms & conditions that reflect real data flows and are aligned with GDPR and e-privacy requirements, including consent and cookie banner logic.

Tech and IT contracts (software, SaaS, cloud)

Drafting and negotiating IT and tech contracts: software development, licensing, SaaS, cloud, maintenance and IT services, covering scope, acceptance, Service Levels (SLAs), IP ownership, warranties, limitations of liability and termination.

Workplace privacy & monitoring

We advise on GDPR in employment and workplace monitoring: HR data documentation, CCTV and monitoring setups, employee notices, retention and access controls, designed to reduce legal and internal friction.

Incident response, regulators & emerging tools (GenAI)

Support for data incident response and regulatory handling: internal reporting, documentation, vendor coordination, authority inspections, notifications and complaints, as well as pragmatic guidance for using GenAI and new tools with sensible data safeguards.

How we work

We start with the real data and the real product, not generic templates. You get a clear compliance roadmap, “sign-ready” contracts, and practical steps your team can implement. The goal is simple: reduce legal risk while keeping your tech and operations moving.