Articles
Moldova's New Personal Data Protection Law: What Businesses Need to Do Before End of Summer
In late August 2026, Moldova's Law No. 195/2024 on the protection of personal data comes into force — the first major overhaul of data-handling rules in 15 years, bringing the country closer to the European GDPR standard. This isn't just a new act number: the underlying logic of business liability is changing, and the supervisory authority has already signaled it expects real compliance, not a paper privacy policy.
On July 10, Chișinău hosted the conference "A New Era for Data Protection: Implementing GDPR," attended by the National Center for Personal Data Protection, an EU delegation, and invited European experts. The presence of Max Schrems, one of Europe's most widely cited digital rights specialists, signals that the regulator is treating the subject seriously rather than as a formality.
| Before 2026 | From August 2026 |
|---|---|
| Law No. 133/2011 | Law No. 195/2024 |
| Formal existence of a privacy policy | Need to demonstrate actual compliance with procedures |
| Territory of Moldova | Also applies to foreign operators handling data of individuals in Moldova |
| Complaint-driven inspections | More proactive oversight by the National Center |
Who the law applies to
One of the key changes is the expanded territorial scope. The law applies not only to Moldovan companies but also to data operators outside the country, if their activity involves offering goods or services to people located in Moldova — regardless of whether those services are paid or free. This mirrors the logic of Article 3 of the GDPR: if you serve Moldovan clients remotely, the law applies to you just as it would to a local business.
Who falls under the new rules: any business that collects data from customers, employees, candidates, partners, or newsletter subscribers — regardless of industry or ownership structure.
What the regulator will actually check
The National Center for Personal Data Protection retains and expands its oversight powers: the right to access documents related to data processing, the right to inspect equipment and systems, and the right to issue violation reports.
Checklist: what to review before end of August
| # | What to do | Why it matters |
|---|---|---|
| 1 | Review contracts with counterparties | Data processing provisions are needed — from a standalone clause to a full data processing agreement (DPA) |
| 2 | Audit foreign services | CRM, email marketing tools, cloud storage, analytics, chatbots — the highest risk sits here |
| 3 | Decide on a DPO | Determine whether the company needs a dedicated data protection officer |
| 4 | Review HR and customer databases | The rules cover employee and candidate data just as much as customer data |
| 5 | Build a data map | Understand what data you hold, where it comes from, why, and how long it's retained — the foundation for everything else |
Why start now, not in August
Compliance built in advance costs a company less — and far less stress — than a rushed overhaul under the pressure of an inspection or a complaint. In practice, companies that leave preparation until the last minute most often run out of time precisely on point 5 — the data map, without which the other steps are done blind.
Our team conducts compliance audits against the new law and prepares the necessary contractual documents and internal policies. If you have a website, CRM, mailing lists, or an HR database, it's worth checking them now. Get in touch for a consultation.
Useful articles
Legal Opinion, Memorandum and Due Diligence: what actually sits behind each format
The legal market is structured so that the same task gets different names in different offices — opinion, memorandum, assessment, analysis. Lawyers rarely explain the difference, clients rarely ask. The result is wrong expectations, weak documents and decisions made without the right information.
IFRS 18 and IFRS 19 approved in Moldova: what will change from 2027
In the Monitorul Oficial dated April 3, 2026, Order of the Ministry of Finance No. 49 of March 30, 2026 was published, approving and adopting the International Financial Reporting Standards.
Draft Law on the Crypto-Asset Market in Moldova: License, Requirements
The Republic of Moldova has developed and published for public discussion a draft Law on the Crypto-Asset Market. For the first time in the history of the Republic of Moldova, crypto businesses are receiving legal regulation and official status. This article analyzes the draft law: examining the key changes, legal risks, and practical consequences for business.
Leave a request