Data Protection in Moldova

Registration in Moldova

As of January 10, 2022, the requirement of mandatory registration or notification of personal data databases has been abolished. 

Instead, according to the new legal provisions, before starting the data processing operations, the data controller shall perform a data protection impact assessment, analysing thereby the envisaged actions to be performed and their eventual impact on the data subject.

The data protection impact assessment should contain at least the following information:

  • The description of envisaged processing operations, the purpose of processing and legitimate interest of the data controller (if any);
  • The description of the necessity and proportionality of processing operations in relation to the purpose of processing;
  • Risk assessment for the rights and freedoms of data subjects, in particular, the source of those data, nature, specific degree of likelihood of materialization of the increased risk and the severity of that risk;
  • The description of risk prevention measures, including safeguards, security measures and mechanisms to ensure the protection of personal data and to demonstrate compliance with the provisions of the data protection law.

The NCPDP has additionally approved and published a list of types of personal data processing operations, which are subject to the mandatory data protection impact assessment requirement. The list may be consulted at the following link.

Furthermore, the data controller shall consult with the NCPDP before starting any operations on processing of personal data if the data protection impact assessment indicates that the processing would generate an increased risk, and the data controller considers that such risk cannot be mitigated through reasonable means, considering the available technologies and implementation costs.

Continue reading

  • no results

Previous topic
Back to top