The EU funded Project “Support for structured policy dialogue, coordination of the implementation of the Association Agreement and enhancement of the legal approximation process in the Republic of Moldova” completed the process of reviewing the compliance of national laws with the EU General Data Protection Regulation (GDPR). Upgrading this particular national legislation is significant for all citizens of the Republic of Moldova, because privacy and data protection have become increasingly crucial in everyday life, both in private life and at work. The rights to privacy and data protection have long been recognised as fundamental rights. Therefore, when organisations, companies, websites or applications, collect, process and keep personal data, such as names, functions, office addresses, phone numbers, photos, email address, political or religious beliefs, ethnic origin, genetic data, civil status etc. – these types of information collected, including the storage mechanisms and further use of data gathered – must be regulated to ensure that the fundamental right to privacy and data protection are respected and protected by adequate laws.

GDPR represents a legal act which ensures a homogenous application of the data protection principles throughout all EU member states. The Republic of Moldova, according to Association Agreement, has assumed the commitment to update its own legislation in line with the European Union law. Currently, new Data protection law was elaborated and submitted for the adoption to the Parliament. The Republic of Moldova is on the way to adopt a new data protection law in line with the European acquis.

Namely, the project experts assessed the degree of compliance of Regulation No.2016/679 (GDPR) and Police Directive No.2016/680 of the draft Law on personal data protection and Law on National Center for Personal (NCPDP) data protection, adopted in 1st reading by the Parliament. The draft laws adopted by the Parliament in 1st reading were around 60% compliant with the provisions of the GDPR. To improve the respective legislation, the draft laws were analysed on “article-by-article basis” asking representatives to express all the objections/proposals or questions they had. Each provision which was questioned or objected from the private sector side was discussed and explained by the team of project experts.

Also, the experts of the EU funded project drafted a brief document „Basic principles and developments on personal data protection in the European Union and the Republic of Moldova” with historical references and explanation of the basic principles of the personal data protection. The major purpose of the document is to introduce the necessity and reasons of the personal data protection regulation in the modern world with the interaction of the new technologies. There document details the recent developments of the legal requirements on personal data protection in the EU that can benefit the Republic of Moldova.

Such an in-depth analysis on the new approach of the personal data protection legislation is necessary in order to understand the scope of the legislative changes necessary in the legislation of the Republic of Moldova to fulfil the obligation of the Association Agreement between the European Union and the European Atomic Energy Community and their Member States, of the one part, and the Republic of Moldova, of the other part. This analysis also helps raise awareness and understanding on basic rules on personal data protection, to complement the previous assessment on legislation proposal on personal data protection adopted by the Parliament of the Republic of Moldova.

Why is it important to protect personal data?

In the modern world, where technologies are developing fast, data is becoming a value that can be transferred and used at high speed. Personal data is a type of property, and each person has the right to decide, according to law provisions, how to use this data. The ignorant or abusive use of personal data can cause harm. If for example, a person gave a piece of their personal data, for e.g. phone number, to subscribe for a client card, but then this information is transferred to another company, then unexpected calls might follow or text messages from another company to buy its products, etc. In this case, a person’s right to data protection, which is a fundamental right, is infringed, and the person’s freedom to decide over this is also infringed. Such kind of data cannot be transferred to third parties without the person’s consent. This is where the law on data protection intervenes and protects citizens.

For the Republic of Moldova, the new data protection law shall bring together with rights, also duties, but in first place it should raise awareness about the accountability of use of personal data. It shall also bring benefits for private companies to develop their businesses and bring more clarity for the state institutions to use and access personal data according to transparent and clear rules at European level.

Subsequently, for citizens, the new law on data protection brings a range of benefits, amongst which:

provides a higher level of protection of personal data;

gives a range of possibilities to inquire both state and private institution regarding the personal data. The right to access personal data implies that a citizen can inquire an institution about its data and the institution is obliged to answer.

enables citizens to ask for the rectification of data if it is incorrect;

allows citizens, under some circumstances, to ask the processor to restrict the data processing;

provides the right to data portability and gives citizens the right to ask the data to be transmitted to another party;

enables citizens to ask for the erasure of the data.