Moldova
Summary
Law: Law No. 195/2024 on the Protection of Personal Data (only available in Romanian here) (Law No. 195/2024)
Regulator: National Centre for Personal Data Protection (NCPDP)
On August 23, 2024, Law No. 195/2024 on the Protection of Personal Data was published in the Official Gazette of the Republic of Moldova. Law No. 195/2024 fully transposes the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) into Moldovan law and provides general personal data protection provisions including data subject rights, duties of data operators, requirements for Data Protection Impact Assessments (DPIAs), and data transfer requirements. Law No. 195/2024 will come into effect two years after publication. In the meantime, Law of 8 July 2011 No. 133 on Personal Data Protection (Law No. 133/2011) remains in force.
In addition, the Governmental Decision of 14 December 2010 No. 1123 on the Security of Personal Data within Automatic Databases (only available in Romanian here) established data breach notification requirements, as well as sanctions for failure to notify the NCPDP. Moldova has an Association Agreement with the EU through which it has committed to ensuring adequate safeguards for the protection of personal data and is a signatory of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108).