anonym.legal

By · Last updated 2026-06-05

返回博客GDPR 与合规

罗马尼亚ANSPDCP:CNP检测与GDPR合规

ANSPDCP发现78%的工具在CNP验证方面存在缺陷。CNP编码性别、出生日期和出生县——涉及GDPR特殊类别数据的合规影响。

June 5, 20267 分钟阅读
Romania ANSPDCPCNP checksum validationRomanian GDPRBPO complianceRomanian identifiers

罗马尼亚ANSPDCP:CNP检测与GDPR合规

2026年更新版

罗马尼亚的数据保护机构是ANSPDCP。其2024年评估发现,78%的个人信息工具无法检测「个人数字代码」(Cod Numeric Personal,CNP),大多数工具跳过了校验和验证步骤。这一差距带来了真实的合规风险。罗马尼亚为许多西方客户处理欧盟数据,暴露面十分广泛。

罗马尼亚信息密度最高的国家标识符

CNP是一个13位国家标识符,每个数字组均携带个人数据:

  • 第1位: 性别与世纪代码。1900–1999年出生男性=1;1900–1999年出生女性=2;2000年及以后出生男性=5;2000年及以后出生女性=6;男性外籍居民=7;女性外籍居民=8;其他居民=9。
  • 第2–3位: 出生年份末两位。
  • 第4–5位: 出生月份(01–12)。
  • 第6–7位: 出生日期(01–31)。
  • 第8–9位: 县级代码,涵盖41个县和布加勒斯特的六个区(代码01–52)。
  • 第10–12位: 该日期及县内的出生顺序号。
  • 第13位: 校验字符。

仅第1位就揭示了生理性别。根据GDPR第9条,这使CNP成为特殊类别数据项,需要比普通个人数据更强的保护措施。

校验字符的计算方法: 取前12位数字,分别乘以对应权重(2、7、9、1、4、6、3、5、8、2、7、9),求和后除以11取余数。余数为10时校验字符为1;余数为11时该代码无效;其他余数即为校验字符。

跳过此校验的工具存在两类失效模式:一是将任意13位数字字符串标记为匹配(误报);二是已损坏的号码通过模式校验但包含错误数据,该数据需要审查却被遗漏(漏报)。

罗马尼亚语文档的命名实体识别问题

标识符检测只是工作的一部分,罗马尼亚语文本还带来了更多检测障碍。

变音符号: 罗马尼亚语使用ș、ț、ă、â和î。基于其他语言训练的工具往往遗漏含这些字符的姓名。Latin-2编码的旧文档进一步增加了识别失败的可能。

地址格式: 街道类型使用缩写形式——Str.、Bd.、Al.、Cal.——城市和乡镇名称遵循本地规则。为法语或德语地址构建的解析器在此表现不佳。

姓名变格: 罗马尼亚语中,姓名因语法格位不同而呈现不同形式,同一人的姓名在句子不同位置看起来可能不同。NER模型须能跨文档链接这些姓名变体。

有关语言差距如何影响非西方文字检测的内容,请参阅我们的亚太地区个人信息检测指南

ANSPDCP案例的典型模式

ANSPDCP案例呈现三种常见模式。

BPO数据泄露案: 共享文件包含员工身份证号和欧盟客户数据,未经加密;日志记录不完整,企业无法确定哪些记录被访问,这延长了调查周期并提高了罚款金额。

医疗数据泄露: 患者文件——国家ID、医保卡ID和诊断信息——流向未授权方。个人信息工具不支持相关格式,数据在未脱敏的情况下外流。

跨境传输失败: 外包企业将关联标识符的记录发送给非EEA(欧洲经济区)方,既无传输影响评估,也无标准合同条款。第9条数据的特殊属性将常规性漏洞转化为更严重的违规。

ANSPDCP合规的三项核心控制措施

以下三项构成最低技术基线:

  1. 带模11校验的CNP检测 — 仅匹配模式是不够的。
  2. 支持变音符号的NER — 须覆盖UTF-8和Latin-2来源中的ș、ț、ă、â和î。
  3. 身份证件检测 — 国家身份证在多种文件类型中与CNP同时出现。

有关国家标识符如何引发GDPR风险的更广泛视角,请参阅我们的欧盟国家税务ID检测指南

参考来源

相关文章

GDPR 与合规

Japan My Number: Verhoeff & APPI

63% of generic tools fail My Number detection in Japanese documents. My Number uses Verhoeff algorithm — the most complex national ID checksum in Asia.

GDPR 与合规

HDPA Greece: AFM & AMKA Detection

Greek AFM detected with 52% accuracy by generic tools. HDPA issued 89 decisions in 2024 — up 162% from 2022. Tourism and maritime sectors face distinct.

GDPR 与合规

NAIH Hungary: TAJ-Szám and Adóazonosító Jel

Hungarian NER accuracy is 67% vs. EU average 82% — NAIH's 2024 assessment. TAJ-szám weighted checksum and adóazonosító jel detection gaps.

准备好保护您的数据了吗?

开始使用 285 种实体类型在 48 种语言中匿名化 PII。

开始免费试用查看功能

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.