Law: Law of 8 July 2011 No. 133 on Personal Data Protection ('the Law')
Regulator: National Centre for Personal Data Protection ('NCPDP')
Summary: The Law provides general personal data protection provisions, establishes data subject rights such as the rights to access, rectification, or erasure, and includes requirements to appoint a data protection officer and provide data processing notifications. In addition, the Governmental Decision of 14 December 2010 No. 1123 on the Security of Personal Data within Automatic Databases (only available in Romanian here) established data breach notification requirements, as well as sanctions for failure to notify the NCPDP.
Moldova has an Association Agreement with the EU through which it has committed to ensuring adequate safeguards for the protection of personal data, and is a signatory of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data ('Convention 108'). The Moldova EU Twinning Project is also particularly active, and a draft personal data protection law (only available to download in Romanian here) has been in discussion over the past few years that would further align Moldovan law with data protection requirements in the EU.
On 10 December 2021, the Law of 11 November 2021 No. 175 for the amendment of some normative acts was published in the Official Gazette and amends the Law. Notably, the amendments introduce requirements to conduct Data Protection Impact Assessments in place of the data processing notification obligations, designate a person responsible for data protection, and new requirements for cross-border data transfers, among other things.