Financial Crime World

Here is the article in markdown format:

Moldova’s Data Protection Laws and Regulations: Key Aspects

Moldova has implemented various laws and regulations to ensure compliance with the General Data Protection Regulation (GDPR). Here are some key points extracted from these regulations.

Data Protection Officer (DPO)

A Data Protection Officer (DPO) is a crucial role in ensuring compliance with data protection regulations. The DPO’s tasks include:

  • Informing and advising on obligations related to data protection
  • Monitoring compliance with data protection laws and regulations
  • Providing advice on Data Protection Impact Assessments (DPIAs)
  • Cooperating with the National Commission for the Protection of Personal Data (NCPDP)
  • Acting as a contact point for data subjects and other stakeholders

Data Breach Notification

While there are no specific provisions for data breach notification in national law, controllers must notify the NCPDP annually of all system security incidents by January 31st.

Data Retention

Personal data can be stored for no longer than necessary for the purposes for which it was collected or further processed. When processing is finished and there’s no consent for further processing, data must be:

  • Destroyed
  • Transferred to another controller with the same purpose of processing
  • Converted into anonymized data

Children’s Data

Children’s personal data can be processed without special conditions, except that controllers may need to perform a Data Protection Impact Assessment (DPIA). If consent is required, it must be obtained from legal representatives (e.g., parents).

Special Categories of Personal Data

Processing personal data relating to:

  • Criminal convictions
  • Coercive procedural measures
  • Administrative sanctions

is only allowed by or under the control of public authorities within their competencies and on conditions set by laws regulating these areas.

Controller and Processor Contracts

When processing is carried out by a processor, contracts must be in place outlining responsibilities, security measures, and data protection obligations.