Data Protection in Moldova

Security in Moldova

The controller must implement appropriate technical and organizational measures to protect personal data against destruction, alteration, blocking, copying, disclosure, and against other unlawful forms of processing, that shall ensure a level of security appropriate to the risks represented by the processing and the nature of the data. The NCPDP has approved guidelines on the security measures to be implemented by the controller or processor, for the protection and processing of personal data within information systems. The guidelines may be accessed here.

Where processing is to be carried out on behalf of the controller, the controller shall only use processors providing sufficient guarantees to implement appropriate technical and organisational measures. The processing of personal data by a processor shall be governed by a contract concluded with the controller, ensuring in particular the following:

  • that the processor only acts on the instructions from the controller;
  • that the obligations related to mandatory technical and organisational measures to be undertaken, in order to ensure a level of security appropriate to the risk and nature of the data processed, shall also apply to the processor.

According to the New Data Protection Law, and save for the exceptions expressly established by law, where a controller or processor not registered in the Republic of Moldova is processing personal data of subjects who are in the Republic of Moldova, it should designate a representative in Moldova, provided that the processing activities are related to the following:

  • offering of goods or services, irrespective of whether a payment of the data subject is required to such subjects in the Republic of Moldova; or
  • to the monitoring of data subjects’ behaviour, as far as their behaviour takes places within the Republic of Moldova.

Continue reading

  • no results

Previous topic
Back to top