TWINNING
TWINNING PROJECT MD 13ENPI JH0317 (MD29) “Capacity Building of the National Center for Personal Data Protection of the Republic of Moldova”
Background
The overall objective of this Project is ensuring a high level of personal data protection and respect of the right to privacy in the Republic of Moldova, in accordance with the European Union’s legal framework and standards in the subject matter’s field as well as supporting the lawful exchange of personal data between EU Member States and the Republic of Moldova beyond May 2018 when the General Data Protection Regulation becomes applicable and when, in EU MS, Directive 2016/680 will need to have been transposed in national legislation.
Project’s purpose is
– to harmonise the Republic of Moldova’s national legislation in the field of data protection with the European Union’s legal framework and standards (e.g. the EU Regulation 2016/679 – General Data Protection Regulation – and EU Directive 2016/680 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data).
– To strengthen the National Centre for Personal Data Protection’s capabilities
– To raise awareness around data protection legislation among data subjects, data controllers and data processors.
The project is a contribution to the EU – Republic of Moldova Association Agreement and to the Single Support Framework for EU support to the Republic of Moldova (2014-2017)
The Twinning project aims directly at fulfilling one of the main provisions found in the European Union – Republic of Moldova Association Agreement (AA) which states in Article 13(1) that “the Parties agree to cooperate in order to ensure a high level of protection of personal data in accordance with the European Union, Council of Europe (CoE) and international legal instruments and standards”. The GDPR repeals and replaces Directive 95/46/EC, meaning that – in order to further guarantee a lawful exchange of personal data between both sides – the Moldovan side has to ensure a level of personal data protection in line with the provisions laid down in the GDPR.
The Project is a consortium between European Commission, represented by the Delegation of the European Union to the Republic of Moldova and German Foundation for International Legal Cooperation (IRZ)and the Ministry of Justice of the Republic of Latvia. The Beneficiary Institution is the National Center for Personal Data Protection of the Republic of Moldova.
The Project commenced on 2d of October, 2017 and shall run for 24 months with a budget of nearly 1 million euros granted by the EU taxpayers.
Mandatory deliverables:
I. National legislation on personal data protection is harmonized with the EU acquis, including with the provisions of the GDPR and EU Directive 2016/680 by means of:
-assessment of existing national legislation on personal data protection and assistance in developing a draft law on personal data protection incorporating the recommendations and conclusions of the Twinning experts’ and compliant with GDPR and EU Directive 2016/680 requirements
– assistance in developing and/or harmonising secondary legislation with a view to rendering them compliant with the new draft law on personal data protection.
– assistance to developing a series of operational and internal guidelines and drafting of new National Strategy on personal data protection for 2020-2022
II. Capacity of the National Centre for Personal Data Protection and other relevant stakeholders in enforcing personal data protection law is strengthened
Following a thorough needs assessment and identifying main areas of interest for NCPDP and other relevant stakeholders:
– Assistance in drafting 7 codes of conduct and/or guidelines for processing personal data in specific sectors (health, finance, law enforcement, electoral process, media, video surveillance and electronic communication)
– Assistance in drafting of manuals / Standard Operating Procedures for NCPDP staff in the fields of (a) data controller registration, (b) monitoring and prevention, (c) investigations, (d) complaints, (e) international transfer approvals.
Trainings on: investigation procedures, rapid response procedures to personal data protection security incidents, communication and awareness building around personal data protection legislation and requirements
III. The level of awareness on the principles, legal provisions and implications of the GDPR among data subjects (general public), data controllers and data processors (private companies, central and local authorities) is increased through assistance in:
– Impact study of the GDPR for private sector companies
– setting up and conducting an ex-post survey on the perception of the right to and enforcement of personal data protection in the Republic of Moldova
-developing a communication and awareness raising action plan for the NCPDP using also various media (radio, TV, internet and printed press).
– designing and developing educational and communications material, aimed at aiding target groups to adapt to requirements laid down in the GDPR and EU Directive 2016/680
– assisting in modernising the NCPDP web site (e.g. sectoral video spots, live trainings and setting up a periodical newsletter for an audience external to the NCPDP)
– training sessions for data controllers and other relevant private sector companies’ staff
TWINNING DOCUMENTS
- Presentation of EU Twinning Project achievements at the closing event of the project
- Concordance table regarding the Law on personal data protection no. 133 and the EU Data Protection Regulation 2016/679
- GAP analyses regarding the Law on personal data protection no. 133 and the EU Data Protection Regulation 2016/679
- Gap analysis regarding the Law on personal data protection no. 133 and Directive (EU) 2016/680
- Presentation – Implementation of European Union legislation
- Directive (EU) 2016/680 gap analysis results
- Recommendations for GDPR rules implementation in the legislation of the Republic of Moldova
- Data Protection in Law Enforcement Area
- GDPR impact study on private organizations in Moldova
- Presentation – Themes for training on data protection
- Conclusions about the survey for legal institutions
- Conclusions about the survey for institutions who are controllers of information systems
- Conclusions about the survey for National Centre for Personal Data Protection
- Conclusions about the survey for Parliament
- Conclusions about the survey for Association of Independent Press, Centre for Independent Journalism, Press Council, Promo-Lex
- Presentation – The GDPR one set of rules designed to give greater control to users over their personal data
- Presentation – Personal data protection and public institutions
- Presentation – Personal Data Protection and freedom of information
- Data protection impact assessment manual
- Requirements for security measures for protecting and processing personal data within information systems
- Presentation of the European expert for training courses in the health sector
- Presentation of the European expert for training courses in the financial sector
- Draft Code of Conduct in relation to the legal framework applicable to the processing of personal health related data and in particular to the Draft Law on Personal Data Protection adopted by the Parliament in the 1st reading on 30.11.2018
- Draft Guidelines on personal data processing in electoral process
- Draft Guidelines on personal data processing in media sector
- Draft Guidelines on personal data processing within video surveillance systems
- Draft Code of Conduct on personal data processing in electronic communication sector
- Survey on perception of the right to and enforcement of personal data protection