The National Center for Personal Data Protection for five years has not carried out any public procurement procedure through the Automated Information System “State Register of Public Procurement” / MTender. Under these circumstances, transparency, efficiency and digitalization of public procurement have not been ensured in a regular manner. This is one of the findings of the Court of Auditors, which presented the Compliance Audit Report on the formation, management and use of public financial resources and public heritage by the Center in 2018-2022, IPN reports.

Victor Munteanu, unit head at the General Audit I Division, said that the Center allowed the division of acquisitions by signing low-value contracts for the procurement of goods and services as a result of nonapplication of acquisitions by lots, as well as deficiencies related to the process of planning contracts to the value of over 63,000 lei.

Contrary to the legal provisions, the entity concluded 10 procurement contracts to the value of 196,700 lei without specifying in the contract the name of the services for servicing, testing, maintaining and repairing company cars, their quantity and price. Due to the lack of internal control, repair services were purchased at a price that was enlarged by almost 30,000 lei.

“Despite specifying the budget and decreasing expenses in 2018-2022, the Center did not execute budget expenditures of 5.8 million lei due to improper planning of spending limits. As a result, the level of execution of cash expenses, compared to the budget allocations specified in 2018, was 73.3%, in 2019 – 87%, in 2020 – 90.4%, in 2021 – 92.6%, and in 2022 – 89.6%,” stated Victor Munteanu.

The National Center for Personal Data Protection generated inefficient budget expenditures in the amount of 984,800 lei in connection with the administration and subsequent liquidation in 2022 of the Automated Information System “Register of Economic Operators of Personal Data”. Another finding is that, although the bailment contract expired in 2016, the Chevrolet Captiva car, which actually belongs to the former director of the Center, was illegally registered quantitatively and at value 0 in the accounting records, with a remaining amount of fuel not being returned to the institution.

The Court of Auditors also notes that the Centre did not ensure the organization and regular conduct of the inventory of material assets, which led to uncertainties regarding the value of the managed goods.

According to the auditors, the Centre worked in the absence of a strategy concerning personal data protection, which would ensure the consolidation of the appropriate legal, institutional and social framework. Also, it did not achieve the objectives of the National Action Plan for the implementation of the Association Agreement with the European Union, provided in the “Protection of Personal Data” chapter.