Costin Sandu



Costin is a Counsel in our TMT, Data Privacy and Cybersecurity teams, where he brings innovative perspective, business knowledge and hands-on leadership.

With more than 18 years of experience, Costin specialises in Tech law and Compliance work, particularly in Data Protection and Cybersecurity, as well as in Telecom work. He has a strong professional background in banking and finance, financial services regulatory and compliance and corporate and M&A prior to focusing on TMT.

Costin regularly assists clients on all aspects of data protection and cybersecurity compliance and risk mitigation, ranging from gap assessment reviews and advice on compliance actions to complex risk and impact assessments, security incidents, data sharing structures or advice in transactional contexts. Costin is a known expert on cybersecurity regulatory matters resorting from the evolving EU cybersecurity regulation framework.

Costin has developed a security incident management practice reflecting the firm’s broader crisis management and internal investigations capabilities, and he provides clients facing security incidents such as ransomware attacks with seamless assistance from regulatory, corporate and contractual, or white-collar crime perspectives. He also often joins teams involved in the firm’s internal fraud investigations and develops the firm’s general compliance practice following international standards.

He also advises on Tech projects on matters such as IT contracts, use of trust services, remote identification, or regulatory and compliance matters, his clients including technology developers, vendors, distributors, resellers, integrators, and technology beneficiaries. Costin drives the firm’s approach to the rapidly changing regulatory framework applicable to the advances in technology such as artificial intelligence, robotics, big data, or adtech. Building on his banking regulatory background, Costin has a focus on tech legal and compliance work connected to the financial services area.

Costin advises clients on regulatory and compliance matters in the Telecom area leveraging his personal mix of technology knowledge, thorough approach to regulatory work, and business insights. He regularly advises clients on telecom matters arising in mergers and acquisitions deals, corporate, compliance, general contract work, and litigation. 

His extensive experience includes assisting both local and international clients in various industries such as energy, banking and fintech, blockchain and virtual assets, retail, FMCG, and telecom. 

Costin has been a member of the Bucharest Bar since 2005.



Romanian – English – French



2020 – Certified trainer (Ministry of Labour)

2005 – Master’s in Law (LL.M./ D.E.A.)

Université Montesquieu Bordeaux IV

2004 – Bachelor of Laws (LL.B.)

Faculty of Law, Bucharest University

2004 – Bachelor of Laws (LL.B.)

Université Paris 1 Panthéon – Sorbonne, Collège Juridique Franco-Roumain



  • Advised a major international telecoms group on the entry on the Romanian market, including regulatory formalities, contracts with Romanian clients and providers, and general compliance assistance.
  • Seamlessly coordinated and conducted gap assessment reviews and implementation of data protection and e-privacy requirements and provided related assistance to clients.
  • Providing seamless assistance to clients on Networks and Information Systems legislation cybersecurity requirements.
  • Assisted clients in relation to data processing agreements, data sharing and transfer structures.
  • Advised a major Romanian bank on contracts for cloud computing services and software licensing from data protection, financial regulatory, and cybersecurity perspectives.
  • Advised clients in relation to bank fraud and security incidents.
  • Advised international groups in relation to group data sharing structures involving transfer of personal data outside the European Union.
  • Advising a major technology distributor and integrator in connection with a EUR 5 million SaaS agreement with a Romanian bank.
  • Advising a minority shareholder in a EUR 2 billion merger in the telecoms sector.
  • Advised clients on various tech matters such as use of electronic signatures, mobile banking, e-commerce, cloud computing services, IT contracts.
  • Advised local clients on day-to-day data protection matters such as managing data subjects’ requests, legitimate interest and data protection impact assessments, privacy notices, data processing agreements, data sharing structures.
  • Assisted clients with the initial assessment, notification and management of data breaches and security incidents.
  • Assisted clients with third-party risk assessments and operational audits from a data protection and information security perspective.
  • Prepared and delivered trainings on data protection, cybersecurity and technology law matters to clients.



one herastrau office

30-32 Daniel Danielopolu Street, One Herastrau Office, 6th Floor, Bucharest, 014134, Romania

Phone: +40 (21) 316 87 49

Fax: +40 (21) 316 87 56


09:00 – 19:00



Digital Park, 15A Mihai Viteazul Street, 6th Floor, Chisinau, MD2004, The Republic of Moldova

Phone: +373 (22) 994 990; +373 (22) 009 109

09:00 – 19:00