Personal data protection

Personal data protection is a rapidly evolving field in the Republic of Moldova, shaped by ongoing reforms and the country’s commitment to aligning with European Union standards. Clients and businesses need to understand both the current legal framework and the major changes that will take effect in the coming years.

1. Current Framework: Law No. 133/2011

The processing of personal data is currently governed by Law No. 133/2011 on Personal Data Protection.

What qualifies as personal data

Any information that can identify an individual, such as: name, IDNP, contact details, financial and medical data, images, location data, and online identifiers.

Key principles

  • lawful, transparent, and proportionate processing;
  • collection of the minimum necessary data;
  • use of data strictly for declared purposes;
  • confidentiality and data security;
  • respect for the rights of individuals (access, rectification, deletion, objection, etc.).

Obligations of data controllers

Businesses must implement technical and organizational measures to ensure data security, inform data subjects, and maintain proper governance of personal data.

2. New Law No. 195/2024 — Full GDPR Alignment

In July 2024, Moldova adopted Law No. 195/2024 on Personal Data Protection, a modern and comprehensive framework aligned with the EU General Data Protection Regulation (GDPR).

Effective date: 23 August 2026

Until then, Law No. 133/2011 remains fully in force.

What Law 195/2024 introduces

  • enhanced accountability for data controllers and processors;
  • mandatory internal records of processing activities;
  • Data Protection Impact Assessments (DPIA) for high-risk operations;
  • stricter transparency and consent requirements;
  • updated rules for international data transfers;
  • mandatory breach notification procedures;
  • more significant sanctions for non-compliance.

3. What Clients and Companies Should Know

  • the current law must be observed until 2026;
  • companies should begin preparing now for the more robust requirements of the new law;
  • internal processes, IT systems, and privacy policies must be reviewed and updated;
  • individuals have expanded rights to control their personal data.

4. How We Support Our Clients

Balaban & Partners provides tailored assistance in:

  • advising on risk management and incident response.
  • assessing compliance under the current law;
  • preparing for the 2024 GDPR-aligned framework;
  • drafting privacy policies, internal registers, and operational procedures;
  • conducting staff training and compliance audits;