SecurePrivacy Logo

Moldovan Law on Personal Data Protection

View Law Text
Maximum Fine
MDL 500,000
Scope
National
Regulator
NCPDP
Enacted
2011

Need Help with Moldovan Law on Personal Data Protection Compliance?

Get expert guidance on implementing Moldova's data protection requirements and ensuring ongoing compliance for your organization.

Get Expert Help

Overview

The Law on Personal Data Protection establishes comprehensive requirements for the protection of personal data in Moldova, enforced by the National Center for Personal Data Protection.

Key Facts

  • Enacted in 2011
  • Enforced by National Center for Personal Data Protection
  • Includes strict data protection requirements

Key Principles

Lawfulness and Transparency

Personal data must be processed lawfully, fairly, and transparently.

Requirements

  • Valid legal basis for processing
  • Clear privacy notices
  • Transparent processing activities
  • Documentation of legal grounds
  • Regular compliance reviews

Examples

  • Privacy notices on websites
  • Consent management systems
  • Processing records
  • Documentation of legal bases

Data Minimization

Collection and processing of personal data must be limited to what is necessary.

Requirements

  • Assess data necessity
  • Limit collection scope
  • Regular data reviews
  • Deletion procedures
  • Documentation of necessity

Examples

  • Data collection forms
  • Necessity assessments
  • Deletion schedules
  • Review procedures

Moldova-Specific Requirements

Additional requirements specific to Moldovan data protection law.

Requirements

  • State identification number handling
  • Employee data protection
  • Video surveillance rules
  • Direct marketing restrictions
  • Cross-border transfers

Examples

  • ID number processing procedures
  • Employee privacy policies
  • CCTV policies
  • Marketing consent forms

Compliance Requirements

Registration Requirements

Organizations must register their data processing activities with NCPDP.

Implementation Steps

  • Submit registration application
  • Document processing activities
  • Pay registration fees
  • Maintain registration status
  • Update when changes occur

Required Documentation

  • Registration certificates
  • Processing records
  • Payment receipts
  • Status updates
  • Change notifications

Data Protection Measures

Implementation of appropriate technical and organizational measures.

Implementation Steps

  • Conduct risk assessments
  • Implement security controls
  • Train staff on security
  • Regular security audits
  • Document security measures

Required Documentation

  • Security policies
  • Risk assessments
  • Training records
  • Audit reports
  • Security documentation

International Transfer Requirements

Requirements for transferring personal data outside Moldova.

Implementation Steps

  • Assess recipient country adequacy
  • Implement transfer safeguards
  • Obtain necessary approvals
  • Document transfers
  • Monitor compliance

Required Documentation

  • Transfer assessments
  • Safeguard documentation
  • Approval records
  • Transfer logs
  • Monitoring reports

Enforcement & Penalties

Administrative Penalties

The National Center for Personal Data Protection can impose administrative penalties for violations.

Penalty Categories

Severe Violations
Up to MDL 500,000
For serious breaches of data protection requirements
Processing Violations
Up to MDL 250,000
For unauthorized processing of personal data
Documentation Violations
Up to MDL 100,000
For failure to maintain required documentation

Example Cases

Financial Institution
MDL 400,000
2023 - Unauthorized data sharing with third parties
Technology Company
MDL 200,000
2022 - Insufficient security measures leading to data breach

Criminal Penalties

Serious violations may result in criminal prosecution.

Penalty Categories

Intentional Violations
Up to MDL 500,000 and imprisonment
For deliberate violations of the law
False Statements
Up to MDL 250,000
For providing false information to authorities
Obstruction
Up to MDL 100,000
For obstructing investigations

Example Cases

Data Breach Case
MDL 450,000
2023 - Intentional exposure of sensitive personal data
Compliance Violation
MDL 300,000
2022 - Repeated non-compliance with authority orders