top of page

MOLDOVA - Data Protection and GDPR Review

Data protection has been an evolving subject in Moldova, influenced by various factors including its political landscape, international relations, and technological advancements. Here we present a concise history of how data protection norms and regulations have taken shape in Moldova.

Pre-2000s: Lack of Formal Regulations

Before the turn of the century, Moldova had minimal formal regulation on data protection. Like many other post-Soviet states, Moldova was grappling with various economic and political challenges during the 1990s, which meant data protection was not a priority.

Early 2000s: Initial Steps

In the early 2000s, Moldova began to take initial steps toward setting up a legal framework for data protection. These were largely influenced by its desire to align with international standards, especially considering its aspirations for European integration.

Adoption of Data Protection Law

In 2007, Moldova adopted its first comprehensive data protection law: "Law on the Protection of Personal Data," which laid the groundwork for data protection standards in the country. The law defined key concepts like personal data, data processing, and data controller, and it established individual rights to data privacy.

Establishment of Regulatory Body

Following the adoption of the law, the National Center for Personal Data Protection (NCPDP) was established as the authority responsible for overseeing data protection issues. This included the monitoring of data processing activities and enforcement of penalties for violations.

Post-2010: European Influence and GDPR

Moldova's relationship with the European Union has had a profound impact on its data protection landscape. Although not an EU member, Moldova has sought to align its legal standards with EU norms, notably the General Data Protection Regulation (GDPR). Discussions have been underway to revise the 2007 law to better align with GDPR principles, although as of my last update in September 2021, full alignment had not yet occurred.

Challenges and Controversies

Moldova faces numerous challenges in the area of data protection, including limited public awareness, insufficient resources for enforcement agencies, and the balancing act between state security and individual privacy rights.

Ongoing Evolution

Data protection norms continue to evolve in Moldova, influenced by technological advancements and international frameworks. The NCPDP has been actively involved in educating businesses and the general public about their rights and obligations under data protection law.


Moldova's history of data protection is a tale of gradual evolution, marked by growing legal sophistication and greater alignment with international standards. While challenges remain, the progress made in this domain reflects Moldova's ongoing efforts to establish a robust data protection regime. With increasing digitalization and global interconnectivity, data protection will likely remain a critical issue in Moldova's legislative and societal discussions.

Although Moldova is not an EU member state, its approach to data protection is increasingly influenced by the European Union's General Data Protection Regulation (GDPR). This is particularly important for Moldovan businesses that interact with EU residents or operate within the EU. This guide aims to give an overview of data protection in Moldova with a focus on GDPR-related aspects.

Regulatory Bodies

  • National Center for Personal Data Protection (NCPDP): The Moldovan body responsible for overseeing data protection issues.

  • European Union's General Data Protection Regulation (GDPR): Although not directly applicable in Moldova, the GDPR influences Moldovan companies operating in the EU or dealing with EU data subjects.

Key Concepts

Personal Data

Information that can be used to identify an individual.

Data Controller

The entity responsible for determining how and why personal data is processed.

Data Processor

An organization that processes data on behalf of the data controller.

Data Subject

An individual whose personal data is processed.


Permission granted by the data subject for data processing.

Moldova’s Data Protection Law vs. GDPR

Moldova's primary data protection law is the "Law on the Protection of Personal Data" from 2007. While it serves as the legal backbone for data protection in Moldova, it doesn't align fully with the GDPR. Efforts are underway to revise it, reflecting GDPR principles like data minimization, purpose limitation, and increased data subject rights.

Obligations for Moldovan Businesses in Relation to GDPR

If a Moldovan business processes the data of EU residents or operates within the EU, it must comply with the GDPR.

Privacy Policy

A clear and transparent privacy policy must be available, outlining how personal data is collected, used, and stored.

Data Protection Impact Assessment (DPIA)

A DPIA may be required to assess the impact of data processing operations on data privacy.

Data Protection Officer (DPO)

Certain organizations may need to appoint a DPO to oversee data protection activities.

Security Measures

Adequate security measures must be in place to protect personal data.

Data Breach Notification

In case of a data breach, the relevant EU authority and affected data subjects must be notified within 72 hours.

Rights Under GDPR

For Moldovan businesses dealing with EU data subjects, it's crucial to understand the GDPR-enforced rights:

  • Right to Access: Data subjects can request access to their data.

  • Right to Rectification: Inaccurate data must be corrected upon request.

  • Right to Erasure: Data subjects have the right to have their data deleted.

  • Right to Object: Data subjects can object to data processing.

  • Right to Data Portability: Data must be provided in a common, machine-readable format upon request.


Failure to comply with the GDPR can result in fines up to €20 million or 4% of the company’s annual global turnover, whichever is greater.


Data protection in Moldova is a developing field, increasingly influenced by GDPR. For Moldovan businesses that have any dealings with the EU, understanding GDPR compliance is crucial. With an evolving regulatory landscape and stringent penalties for non-compliance, data protection should be a top priority for organizations in Moldova looking to engage in international business or partnerships.


bottom of page