It is a problem with under-specification, because GDPR is supposed to be just a guiding framework and each government should implement its own compatible laws.
I also was afraid the Romanian government (and other autocratic governments) will do a poor job translating the GDPR into national law.
That's not true; the GDPR is not a Directive, but a Regulation, meaning the actual text applies directly, it's not transposed by the national legislators.
