Having established NNDKP’s environmental and data protection practices and coordinating them over the past 18 years, Roxana Ionescu has consolidated her theoretical and practical background in these areas, which allows her to navigate the complex and sometimes highly uncorrelated legal frameworks in order to find practical solutions to clients’ projects and needs.

Her expertise covers:

In the environment field:

  • environmental issues in mergers, acquisitions and privatizations
  • environmental and other permitting matters
  • water management
  • waste management
  • hazardous substances
  • protected natural areas
  • environmental liability, including for nuclear incidents and historic pollution
  • industrial emissions and greenhouse gas emission allowances trading
  • environmental taxes
  • sanitary, veterinary and food safety matters
  • compliance matters, including in case of polluting incidents and authorities’ controls
  • environmental related litigation

In the Data Protection and Privacy field:

  • GDPR gap analysis and audits
  • GDPR and DPO training
  • processing employees’ data, including data sharing within the group for benefits programs and whistle-blowing schemes
  • building and using databases for supporting sales and marketing activities
  • e-privacy matters, including social networking sites, cookies consent rules and commercial communications
  • cyber-security requirements
  • classified information regime
  • cloud computing
  • data sharing in mergers, acquisitions and winding-up projects, as well as joint business projects
  • regulatory compliance, including in connection with disciplinary procedures and FCPA audits
  • data breach regulations
  • data subject rights
  • processing and data transfer formalities
  • controls by the data protection authorities
  • internal data protection and privacy audits and training
  • archiving formalities (including in cases of winding-up of companies)

Industry Focus

Representative Cases and Transactions


  • day-to-day environmental matters, including assessment of environmental risks, as well as managing permitting and waste management requirements, in connection with a major car manufacturer’s acquisition and modernization of a Craiova-based car manufacturing company
  • assistance to one of the major organizations taking back obligations in the electric and electronic equipment waste field in assessing the implications and effects of government efforts to transpose the new EU directive in this field
  • advice on a wide range of environmental permitting issues in connection with a leading oil company’s offshore exploration and exploitation activities
  • assessment of the environmental liability regime in case of offshore environmental incidents for the leading Romanian oil company
  • assistance in the implementation of environmental, natural protected areas and forestry permitting requirements for the construction and operation of the Nabucco International Gas Pipeline project
  • assessment of the Romanian carbon capture and storage regime for a foreign institute in connection with a grant given to the first pilot project of this kind to be implemented in Romania by one of Romania’s main power generation companies
  • assistance in addressing various issues in connection with a major cement manufacturer’s trans-boundary waste shipment
  • assessment of the client’s legal exposure and potential alternatives in connection with the clean-up operations of a Romanian refinery during the privatization process of one of the largest oil&gas players on the market
  • successful challenge on behalf of one of the largest wood manufacturers in Romania of a 3.42 million EUR penalty imposed under the Emission Trading Scheme regime for failure to timely surrender greenhouse gas emission allowances corresponding with the client’s actual emissions
  • successful challenge on behalf of a mining company of the claim initiated by the government against the environmental approval of a gold mining project

Data Protection and Privacy

  • assistance to a large financial institution and its subsidiaries with conducting an audit of the processing operations within the group to assess compliance with GDPR requirements, drafting an audit report and an action plan with recommended measures to be implemented by the group to ensure compliance, and assisting with the implementation thereof
  • advice to a large IT company in conducting an audit of the processing operations within the company, issuing recommendations regarding the necessary actions to be taken for ensuring compliance with applicable legislation and assistance in implementing such measures; also provided assistance in day-to-day privacy matters, including for its cloud computing services, and held training sessions regarding data protection requirements
  • assistance to one of the major car manufacturers in Romania in implementing privacy information and notification requirements for its HR and sales and marketing activities
  • assistance to a pharmaceutical company in the internal investigation on privacy breach allegations made by former employees
  • project by a major telecommunications operator regarding the possible extension of the access to credit bureaus regulations in order to allow telecom operators access to data required for financial exposure prevention purposes
  • advice to one of the major insurance brokers in implementing privacy notices, submitting notifications and addressing data protection requirements in connection with intra-group data sharing
  • assistance to a leading pharmaceutical company in implementing privacy documents, including privacy notices, internal procedures and notifications with the data protection authority
  • advice to one of the worldwide telephone manufacturers in fulfilling notification and transfer authorization requirements for its marketing and HR functions
  • advice to a major financial institution on privacy implications of transferring its portfolio of clients and contracts to an affiliate
  • assistance to a client in the pharmaceutical sector on data sharing alternatives as part of a FCPA investigation


Included in international rankings since 2007; most recently:

  • Recommended, TMT (Legal 500, 2022)
  • Included in Who’s Who Legal: Data Privacy & Protection (2022)
  • Included in Who’s Who Legal: Information Technology (2022)
  • Included in Who’s Who Legal: Environment (2019)

Roxana Ionescu is praised as a “very hands-on privacy professional when it comes to data protection matters” and is noted for her “wealth of experience” in the field.
(Who’s Who Legal, 2020)

Roxana Ionescu is highly recommended as a lawyer specializing in environmental law with “strong regulatory and transactional focus covering all aspects of the practice area
(Practical Law Company)


  • University of Bucharest Law School, Law Degree
  • Law School of De Montfort University, Leicester (UK), LL.M in Environmental Law
  • Academy of European Law, post-graduate diploma in European Law
  • Lex Mundi Institute, Post-graduate Diploma in Employment Law
  • Centre of Euro-Atlantic Studies, Post-graduate Diploma in European Integration

Memberships and Affiliations

  • Bucharest Bar
  • Data Protection
    • Lex Mundi E-commerce, Technology, Outsourcing, and Privacy Practice Group
    • AmCham Romania ICT Committee
    • Foreign Investors Council – Coordinator of the data protection working group
    • The International Association of Privacy Professionals (IAPP)
  • Environment
    • Coalitia pentru Dezvoltarea Romaniei, member of the Environmental Task Force
    • Lex Mundi Environmental Practice Group
    • AmCham Romania Environment Committee
    • Foreign Investors Council – Coordinator of the waste management and environmental permitting working groups

Notable Contributions


  • contributor to NNDKP – COVID-19 Legal & Tax Resource Center
  • speaker at the conference “Romanian Law – 100 years since the Romania’s Great Union”, organized by University of Bucharest Law School (2018)
  • speaker at the Environment and Sustainability Summit, organized by Business Review (2018)
  • speaker at Govnet’s Romanian Environmental Compliance Conference 2016, “Environmental litigation – concepts and common mistakes” (2016)
  • speaker at the NNDKP-ERM event on Environmental Responsibilities (2013)
  • “PLC Cross-border Environment Handbook – Romania chapter” (PLC, 2008) (co-author)
  • “Promoting Energy Efficiency and Renewable Energy Sources in the Current Romanian Market Environment” (Romanian Business Digest, 2007) (co-author)
  • “Environmental Protection in the Context of Romanian Accession to the European Union” (Invest Romania Magazine, 2006)

Data Protection and Privacy

  • contributor to NNDKP Privacy Out Loud
  • contributor to NNDKP – Act for Ethics Hub
  • speaker at the webinar  “Data privacy: Criminal records checks and vetting”, organized by Ius Laboris (2021)
  • speaker at the “GoTech World” event, organized by Universum Events (2021)
  • speaker at the CIO Conference, organized by CIO Council and Revista Cariere, during the day dedicated to “Cybersecurity resilience” (2021)
  • speaker at the webinar “Decoding and systematizing the obligations of employers: Essential Legal and Tech requirements to ensure compliance with the Whistleblowing Legislation”, organized by NNDKP (2021)
  • moderator of the 4th episode of the Corporate Conversations webinar and podcast series, an initiative by The Legal 500 (2021)
  • Key takeaways on the Romanian whistleblowers proposal law” (2021) (co-author)
  • contributor to NNDKP – COVID-19 Legal & Tax Resource Center
  • speaker at the CIO Conference, organized by CIO Council and Revista Cariere, during the day dedicated to “Digital Business Transformation” (2020)
  • speaker at “Your Business in OnLine – How to respond to the challenges of a business activity in the virtual space?” webinar series, organized by NNDKP and Business Mark (2020)
  • speaker at ZF Cybersecurity Trends 2020 videoconference, organized by Ziarul Financiar (2020)
  • speaker at ZF Digital Summit, organized by Ziarul Financiar (2019)
  • “GDPR after 14 months: What’s been done and what’s to come?” (Business Review, 2019)
  • speaker at the ZF Cybersecurity conference, organized by Ziarul Financiar (2019)
  • speaker at the CIO Conference, organized by CIO Council and Revista Cariere, in the panel “Artificial Intelligence and Cyberdefence” (2019)
  • speaker at The Financial Conference, organized by Revista BIZ (2019)
  • “Data Protection in Social Media” (Revista Cariere, 2018)
  • speaker at the CIO Conference, organized by CIO Council and Revista Cariere (2018)
  • speaker at the conference “25 May 2018, the ground zero for GDPR. What’s next?”, organized by NNDKP and Microsoft (2018)
  • speaker at the “GDPR Conference – Healthcare sector” and “GDPR Conference – Pharmaceutical sector”, organized by Softeh (2018)
  • speaker at the “GDPR Explanatory Conference”, organized by Softeh (2018)
  • speaker at the PR Forum, GDPR for Public Relations seminar, organized by Evensys (2018)
  • speaker at the “Ready, steady, GDPR!” event, organized by Business Mark (2018)
  • “What does an HR Manager need to know about GDPR” (Ziarul Financiar, 2018) (author)
  • speaker at the Digital Marketing Forum, GDPR for Marketers Workshop organized by Evensys (2018)
  • speaker at the “Four months until the GDPR shock” conference organized by Ziarul Financiar (2018)
  • “Facing the GDPR Challenge in Romania” (CEE Legal Matters, 2017)
  • “The Lex Mundi Global Data Privacy Guide – Romania chapter” (2017)
  • speaker at the “ZF Digital Summit 2017” event organized by Ziarul Financiar (2017)
  • speaker at the “GDPR for bloggers” event organized by a community of bloggers (2017)
  • speaker at the “Data Protection Conference” organized by Evensys (2017)
  • speaker at the NNDKP Lex Atelier event, “Human Resources between internal regulation and legal constrains” (2015)
  • “Electronic communications – Romania country Guidance Note” (DataGuidance online platform, 2015) (co-author)
  • “Data transfers and outsourcing – Romania country Guidance Note” (DataGuidance online platform, 2015) (co-author)
  • “Customer data – Romania country Guidance Note” (DataGuidance online platform, 2015) (co-author)
  • “The law and practice of video monitoring – Romania country Guidance Note” (DataGuidance online platform, 2015) (co-author)
  • “Data Protection: Laws of the World – Romania chapter” (several edition up to 2014) (co-author)
  • “Data Protection and Privacy – Jurisdictional Comparisons – Romania chapter”, 2nd edition, European Lawyer Reference (Thomson Reuters, 2014) (co-author)
  • speaker at the Microsoft Cloud Computing event, “Recommended criteria for choosing a cloud service provider” (2014)
  • “Getting the Deal Through: Data Protection and Privacy – Romanian chapter” (2013) (co-author)
  • speaker at the Promotions360 event, “Using databases in promotions” (2013)
  • “New EU Data Privacy Regulation Worries Legal Departments – Romania section” (Talklaw Europe, 2012)
  • “Romanian Data Retention Law Found Unconstitutional” (Data Protection Law & Policy, 2010) (co-author)