Articles bg

Articles

Articles

Moldova's New Personal Data Protection Law: What Businesses Need to Do Before End of Summer

In late August 2026, Moldova's Law No. 195/2024 on the protection of personal data comes into force — the first major overhaul of data-handling rules in 15 years, bringing the country closer to the European GDPR standard. This isn't just a new act number: the underlying logic of business liability is changing, and the supervisory authority has already signaled it expects real compliance, not a paper privacy policy.

On July 10, Chișinău hosted the conference "A New Era for Data Protection: Implementing GDPR," attended by the National Center for Personal Data Protection, an EU delegation, and invited European experts. The presence of Max Schrems, one of Europe's most widely cited digital rights specialists, signals that the regulator is treating the subject seriously rather than as a formality.

Before 2026From August 2026
Law No. 133/2011Law No. 195/2024
Formal existence of a privacy policyNeed to demonstrate actual compliance with procedures
Territory of MoldovaAlso applies to foreign operators handling data of individuals in Moldova
Complaint-driven inspectionsMore proactive oversight by the National Center

Who the law applies to

One of the key changes is the expanded territorial scope. The law applies not only to Moldovan companies but also to data operators outside the country, if their activity involves offering goods or services to people located in Moldova — regardless of whether those services are paid or free. This mirrors the logic of Article 3 of the GDPR: if you serve Moldovan clients remotely, the law applies to you just as it would to a local business.

Who falls under the new rules: any business that collects data from customers, employees, candidates, partners, or newsletter subscribers — regardless of industry or ownership structure.

What the regulator will actually check

The National Center for Personal Data Protection retains and expands its oversight powers: the right to access documents related to data processing, the right to inspect equipment and systems, and the right to issue violation reports.

Checklist: what to review before end of August

#What to doWhy it matters
1Review contracts with counterpartiesData processing provisions are needed — from a standalone clause to a full data processing agreement (DPA)
2Audit foreign servicesCRM, email marketing tools, cloud storage, analytics, chatbots — the highest risk sits here
3Decide on a DPODetermine whether the company needs a dedicated data protection officer
4Review HR and customer databasesThe rules cover employee and candidate data just as much as customer data
5Build a data mapUnderstand what data you hold, where it comes from, why, and how long it's retained — the foundation for everything else

Why start now, not in August

Compliance built in advance costs a company less — and far less stress — than a rushed overhaul under the pressure of an inspection or a complaint. In practice, companies that leave preparation until the last minute most often run out of time precisely on point 5 — the data map, without which the other steps are done blind.

Our team conducts compliance audits against the new law and prepares the necessary contractual documents and internal policies. If you have a website, CRM, mailing lists, or an HR database, it's worth checking them now. Get in touch for a consultation.

Articles

Useful articles

Legal Opinion, Memorandum and Due Diligence: what actually sits behind each format

The legal market is structured so that the same task gets different names in different offices — opinion, memorandum, assessment, analysis. Lawyers rarely explain the difference, clients rarely ask. The result is wrong expectations, weak documents and decisions made without the right information.

IFRS 18 and IFRS 19 approved in Moldova: what will change from 2027

In the Monitorul Oficial dated April 3, 2026, Order of the Ministry of Finance No. 49 of March 30, 2026 was published, approving and adopting the International Financial Reporting Standards.

Draft Law on the Crypto-Asset Market in Moldova: License, Requirements

The Republic of Moldova has developed and published for public discussion a draft Law on the Crypto-Asset Market. For the first time in the history of the Republic of Moldova, crypto businesses are receiving legal regulation and official status. This article analyzes the draft law: examining the key changes, legal risks, and practical consequences for business.

Leave a request

Block - Leave a message
Call message Call close