Data Protection in Moldova

Collection and processing in Moldova

Personal data shall be processed with the consent of the personal data subject, unless an exception applies. 

The consent of the data subjects is not necessary where the processing is necessary for:

  • performance of a contract to which the personal data subject is party, or implementation of pre-contractual measures, taken at the data subject’s request;
  • carrying out an obligation of the controller, under the law;
  • protection of the life, physical integrity or health of the personal data subject;
  • performance of tasks carried out in the public interest or in the exercise of public authority prerogatives vested in the controller or in a third party to whom the personal data is disclosed;
  • the purposes of legitimate interest pursued by the controller or by the third party to whom personal data is disclosed, except where such interest is overridden by the interests for fundamental rights and freedoms of the personal data subject;
  • conducting the external public audit;
  • statistical, historical or scientific-research purposes, provided that the personal data remains anonymous throughout the processing;
  • data exchange, performed in accordance with the applicable legislation on data exchange and interoperability.

Processing of special categories of personal data shall be prohibited, except for cases provided by the Law. Furthermore, Law on Personal Data Protection currently expressly establishes special rules for processing the following: personal data concerning health, data concerning criminal convictions and offences or related security measures, data comprising the national identification number.

Personal data undergoing processing must be:

  • processed fairly and lawfully;
  • collected for specified, explicit and legitimate purposes and not further processed in a way incompatible with those purposes;
  • adequate, relevant and not excessive in relation to the purposes for which they are collected and / or further processed;
  • accurate and, where necessary, kept up to date;
  • kept in a form which permits the identification of personal data subjects for no longer than is necessary for the purposes for which the data was collected and further processed. 

The data controller shall ensure the confidentiality of personal data. The data controller and other persons who have access to the personal data, shall not disclose any information to a third party without the prior consent of the data subject unless one of the following exclusions applies:

  • processing relates to data which is voluntary and manifestly made public by the personal data subject;
  • the personal data is rendered anonymous. 

The controller must implement appropriate technical and organizational measures to protect personal data against destruction, alteration, blocking, copying, disclosure, and against other unlawful forms of processing, that shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data.

Continue reading

  • no results

Previous topic
Back to top