Home / Personal Data Protection

Personal Data Protection

Answers to legal questions based on AI

Personal Data Protection

Personal data protection is a set of technical and organizational measures aimed at protecting information related to a specific individual (subject of personal data).

Monitoring of compliance of personal data processing with the requirements of this law is carried out by the National Center for Personal Data Protection of the Republic of Moldova.

For information - Legal basis of of Moldova and the EU

  • Law No. 133/2011 on Personal Data Protection - in force until 23.08.2026
  • Law No. 195/2024 on Personal Data Protection - in force from 23.08.2026
    This law transposes Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).

For information - Personal Data Protection Regulation in EU

The General Data Protection Regulation (Regulation (EU) 2016/679), abbreviated GDPR, is a European Union regulation on information privacy in the European Union (EU) and the European Economic Area (EEA). The GDPR is an important component of EU privacy law and human rights law, in particular Article 8(1) of the Charter of Fundamental Rights of the European Union. It also governs the transfer of personal data outside the EU and EEA. The GDPR's goals are to enhance individuals' control and rights over their personal information and to simplify the regulations for international business.

What is the aim of the Regulation?

  • The general data protection regulation (GDPR) protects individuals when their data is being processed by the private sector and most of the public sector. The processing of data by the relevant authorities for law-enforcement purposes is subject to the data protection law enforcement directive (LED) instead.
  • It allows individuals to better control their personal data. It also modernises and unifies rules, allowing businesses to reduce red tape and to benefit from greater consumer trust.
  • It establishes a system of completely independent supervisory authorities in charge of monitoring and enforcing compliance.
  • It is part of the European Union (EU) data protection reform, along with the data protection law enforcement directive and Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies.

Key Points

Data protection rights for individuals

Under the GDPR, individuals have several rights over their personal data.

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Rights in relation to automated decision-making and profiling

Read more about the rights of individuals under the GDPR

Rules for businesses

The GDPR creates a level playing field for all companies operating in the EU internal market, adopts a technology-neutral approach and stimulates innovation through a number of steps, which include the following.

  • A single set of EU-wide rules. A single EU-wide law for data protection increases legal certainty and reduces administrative burden.
  • A data protection officer. A person responsible for data protection has to be designated by public authorities and by businesses that process data on a large scale, or whose core activity is the processing of special categories of data, such as health-related data.
  • One-stop shop. Businesses only have to deal with one single supervisory authority (in the EU Member State in which they have their main establishment); the relevant supervisory authorities cooperate in the framework of the European Data Protection Board for cross-border cases.
  • EU rules for non-EU companies. Companies based outside the EU must apply the same rules when offering services or goods to, or when monitoring the behaviours of, individuals within the EU.
  • Innovation-friendly rules. A guarantee that data protection safeguards are built into products and services from the earliest stage of development (data protection by design and by default).
  • Privacy-friendly techniques. Pseudonymisation (when identifying fields within a data record are replaced by one or more artificial identifiers) and encryption (when data is coded in such a way that only authorised parties can read it), for example, are encouraged, in order to limit the intrusiveness of processing.
  • Removal of notifications. The GDPR scrapped most notification obligations and the costs associated with these. One of its aims is to remove obstacles that affect the free flow of personal data within the EU. This will make it easier for businesses to expand in the single digital market.
  • Data protection impact assessments. Organisations will have to carry out impact assessments when data processing may result in a high risk for the rights and freedoms of individuals.
  • Record keeping. Small and medium-sized enterprises are not required to keep records of processing activities – unless the processing is regular or likely to result in a risk to the rights and freedoms of the person whose data is being processed, or includes sensitive categories of data.
  • A modern toolbox for international data transfers. The GDPR offers various instruments to transfer data outside the EU, including adequacy decisions adopted by the European Commission where the non-EU country offers an adequate level of protection, pre-approved (standard) contractual clauses, binding corporate rules, codes of conduct and certification.

The main Legal basis of the Republic of Moldova

  • Legea Nr. 133/2011 privind protecția datelor cu caracter personal (până la 23.08.2026)
  • Legea Nr. 195/2024 privind protecția datelor cu caracter personal (din 23.08.2026)

The main EU regulatory framework

  • Regulation (EU) 2016/679, General Data Protection Regulation (GDPR)
  • Regulation (EU) 2018/1725 on the protection of natural persons with regard to the processing of personal data by the EU institutions, bodies, offices and agencies
  • Directive 2002/58/EC concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications)
  • Directive (EU) 2016/680 – Protecting individuals with regard to the processing of their personal data by police and criminal justice authorities and on the free movement of such data
  • Directive (EU) 2016/681 on the use of passenger name record data for the prevention, detection, investigation and prosecution of terrorist offences and serious crime
  • Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union
  • European Commission, official website
  • Wiki: General Data Protection Regulation (GDPR)


  Personal data protection - Moldova  
🆔 Subject-matter and purpose of the Law 
🆔 Material scope 
🆔 Territorial scope 
🆔 Definitions 


  Personal data protection - General Data Protection Regulation (GDPR)  
🆔 What is personal data? 
🆔 What is data processing 
🆔 Who processes personal data? 
🆔 When and to whom does EU data protection law apply? 
🆔 How is personal data protected? 
Alexhost - Webhosting support of the e-Legal.md Diginet.md - Ecommerce Solutions and Internet Marketing OpenCode.md - Open Source products and Digital Public Goods e-Cont.md - Issuance and circulation of e-invoices for payment for business in Moldova (B2B)