GDPR in Moldova 2026 – New Data Protection Law, Requirements and Business Risks

By Published On: April 29, 2026

Introduction

Starting in 2026, a new data protection law will come into force in the Republic of Moldova, aligning national legislation with European GDPR standards. For businesses, this means new compliance obligations, stricter enforcement, and significant financial risks.

This guide explains what will change, who is affected, and how to prepare in advance.

What Is the New Law and When Does It Take Effect

The new data protection law was adopted in 2024 and will enter into force on August 23, 2026, replacing the existing legal framework.

  • Stronger protection of personal data
  • New compliance requirements for companies
  • Increased regulatory control and penalties

What the Law Covers

The law applies to virtually all business activities involving personal data:

  • data collection (names, emails, phone numbers)
  • storage and processing
  • sharing with third parties
  • international data transfers
  • online tracking (cookies, analytics)

Important: it also applies to foreign companies that process data of individuals located in Moldova.

Rights of Individuals

Individuals will have expanded rights, including:

  • right of access
  • right to rectification
  • right to erasure (“right to be forgotten”)
  • right to restrict processing
  • right to data portability

Companies must be able to respond to these requests efficiently.

Key Obligations for Businesses

1. Accountability and Documentation

Maintain records of processing activities (RoPA) and demonstrate compliance.

2. Data Security Measures

Implement technical and organizational safeguards to protect data.

3. DPIA (Data Protection Impact Assessment)

Required for high-risk processing such as profiling or large-scale data use.

4. Appointment of a DPO

Some organizations must appoint a Data Protection Officer.

5. International Data Transfers

Cross-border data transfers will be strictly regulated.

Key Risks for Businesses

Fines

Penalties may reach up to 4% of annual turnover.

Regulatory Inspections

Authorities may conduct audits and impose sanctions.

Data Breaches

Mandatory notification obligations and reputational damage risks.

Website and Online Risks

  • contact forms
  • CRM systems
  • cookies and tracking tools
  • email marketing

Employee Risks

Internal misuse and improper access control remain major threats.

Who Must Comply

Almost all businesses are affected:

  • law firms
  • e-commerce companies
  • IT businesses
  • marketing agencies
  • accounting firms

If your company stores customer data, you must comply.

How to Prepare

  • conduct a data protection audit
  • update privacy policies
  • implement GDPR-compliant procedures
  • strengthen data security
  • train employees

Legal Assistance

Preparing for the new law requires a structured approach. Mistakes can lead to fines and operational risks.

We can help you:

  • perform a GDPR compliance audit
  • prepare legal documentation
  • implement data protection procedures

Frequently Asked Questions (FAQ)

When does the law take effect?

August 23, 2026.

Who does it apply to?

All businesses that process personal data.

What are the penalties?

Up to 4% of annual turnover.

Does it apply to small businesses?

Yes, regardless of company size.

Conclusion

The new data protection law marks a major shift toward EU standards. Businesses that prepare early will reduce risks and gain a competitive advantage.


ASK A QUESTION or ORDER A SERVICE

click the icon to call us

Written by : Law Office Viorel Furtuna

PUBLICATION’S TOPICS

LATEST PUBLICATIONS