On November 21, 2025, the National Center for Personal Data Protection organized a training session in the field of personal data protection for employees of the General Inspectorate for Migration (GIM), Center Regional Directorate, according to the training plan within the GIM for 2025, approved and signed by the heads of the NCPDP and GIM on January 27 of this year.

       The training aimed to familiarize participants with the fundamental principles of data protection, strengthening knowledge regarding institutional and individual obligations in the process of processing personal data, identify risks and apply appropriate security measures, as well as increase the level of responsibility in relation to the management of data of citizens and foreigners undergoing migration procedures.

       For GIM representatives, training is a fundamental element in guaranteeing:

• Operational compliance with data protection legislation, given the essential role of the GIM in managing migration flows, documentation and record-keeping processes, as well as specific databases.
•  Increasing the level of institutional security, by reducing the risk of security incidents and by strengthening an internal culture of accountability and transparency.
• Continuous capacity-building for employees, which contributes to a more efficient execution of job duties and to the improvement of services provided to citizens, asylum seekers and migrants.
• Adapting to new regulatory and technological developments, in a context in which the digitalization of processes and the inter-institutional exchange of information are becoming increasingly complex.

       Participants benefited from an interactive session, which resulted in several conclusions and strengthened skills, including: in-depth understanding of data processing principles and their application in daily work, including in documenting migrants, managing files and using internal information systems; awareness of the importance of data minimization, limited access only to authorized persons and the need to justify each processing operation; acquisition of practical knowledge on preventing incidents, such as unauthorized disclosures or illegal access to systems; understanding of the institution’s obligations regarding the communication of security incidents, including the procedures for notifying the NCPDP and informing data subjects when necessary; strengthening the skills to respect the rights of data subjects, especially in complex situations specific to the field of migration, where transparency and fairness of data processing are essential for protecting vulnerable persons.

       During the event, 16 representatives from GIM, Center Regional Directorate, were trained.

       Through such training, NCPDP reaffirms its commitment to constantly support GIM employees in the correct application of data protection rules, to provide them with professional support and practical tools for secure information management, and to contribute to the development of a responsible institutional culture in the field of personal data protection.

       On November 18, 2025, the National Center for Personal Data Protection (NCPDP) organized a training session in the field of personal data protection for the employees of the Nisporeni Police Inspectorate, according to the training plan within the IGP subdivisions for 2025, approved and signed by the leaders of the NCPDP and IGP on January 28 of this year.

       The purpose of the training session was to strengthen the professional capacities of the employees of the Nisporeni Police Inspectorate in the field of personal data protection, by deepening the applicable regulatory framework, as well as by familiarizing them with European standards and good practices in the field.

       The training session aimed to ensure a uniform and correct application of data protection legislation in specific police activities, in the context in which IGP representatives manage sensitive information on a daily basis, in exercising their duties of preventing, detecting and investigating crimes. Therefore, the session focused on developing a consolidated institutional culture in the field of data protection, aimed at supporting both employee professionalism and respect for the fundamental rights of data subjects.

       During the session, NCPDP trainers addressed an extensive set of topics relevant to police activity, such as: the application of the principles of legality, fairness, proportionality and data minimization in current operations; the particularities of processing sensitive data and information regarding persons at risk; the obligation to rigorously document processing activities and the importance of internal registers; the responsibilities of employees in daily activity, as well as the role of the Data Protection Officer; prevention and reporting of security incidents, with an emphasis on prompt response and institutional cooperation.

       The importance of training for employees of the Nisporeni Police Inspectorate derives from the need for responsible, legal and proportionate management of citizens’ personal data, in a complex operational context, characterized by accelerated digitalization, inter-institutional information exchanges and exposure to risks associated with data security. The training contributes to strengthening the capacity of the Nisporeni Police Inspectorate to prevent security incidents, ensure the transparency of internal processes, and maintain a high level of public trust in police activity.

       Among the lessons learned from the training are: strengthening the understanding of the need to strictly comply with data protection legislation in all operational activities; awareness of the risks associated with data processing without legal basis or outside the established limits; recognition of the essential role of transparency and accountability in internal processes; appreciation of the importance of effective communication with the NCPDP and continuous training as a fundamental element in ensuring compliance.

       The NCPDP reaffirms its commitment to support, through systematic training and specialized expertise, all IGP subdivisions in the joint effort to promote compliance, professionalism and the protection of the fundamental rights of the citizens of the Republic of Moldova.

       During the event, 57 representatives of the Nisporeni Police Inspectorate were trained.

       On November 14, the National Center for Personal Data Protection (NCPDP) continued its information and awareness campaign for the school community, organizing the training session “Personal data protection and children’s safety in the online environment” for the Public Institution “Ștefan cel Mare”, Theoretical High School in Chișinău. The event took place during the Personal Development class, the target audience being students of the “A” 3rd grade.

       The aim of the training session was to familiarize children with the notion of personal data and develop a clear understanding of why this information needs to be protected. Given that students increasingly use the internet for educational, recreational or communication activities, developing a cautious and responsible attitude becomes essential. The session aimed to help children become aware of the risks of the online environment and adopt good digital security practices from an early age.

       During the training, NCPDP specialists used real-life examples, educational games, and interactive activities to facilitate understanding of concepts in an accessible and attractive way for the young audience. Students were encouraged to ask questions, share their own experiences using the internet, and reflect on situations where risks may arise.

       As a result of the activity, students learned and understood:

• What is personal data and how it can be identified in everyday life – name, surname, phone number, home address, photos, passwords, or other information that can identify them.
• Why is it important to protect this data, especially in the online environment, where information can be easily accessed, copied or used for improper purposes?
• How to avoid potential dangers, such as conversations with unknown people, accessing suspicious links or files, or sharing information containing personal data on social networks.
• Essential rules for online safety, including using strong passwords, keeping those passwords confidential, limiting the information shared on social media, checking privacy settings, and seeking help from a trusted adult when encountering unclear or worrying situations.
• The importance of responsible and respectful behavior in the digital environment, understanding that personal safety and that of colleagues depends, in large part, on how they communicate and interact online.

       Through this activity, NCPDP emphasized the importance of early digital education, emphasizing that risk prevention is much more effective when children are informed correctly and on time. In the context of the constant increase in the use of technology by children, training dedicated to them is becoming a necessity for developing a culture of data protection and safety in the online environment.

       NCPDP reaffirms its commitment to continue educational initiatives aimed at students, contributing to the formation of a generation capable of navigating safely and responsibly in the digital space.

       The event was organized at the initiative of the National Council for the Protection of Children and Youth, training 37 students. At the same time, the information materials, as well as the gifts offered to the students, were developed with the support of the United Nations Children’s Fund (UNICEF).

       It should be noted that the information and awareness campaign for the school community was launched on April 15, 2022, and the NCPDP aims to continue this training format both in school institutions in Chișinău and in those in the districts of the Republic of Moldova.

       Between November 3-5, representatives of the National Center for Personal Data Protection (NCPDP) participated in the 49th plenary meeting of the Consultative Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data (Convention 108), which took place in Strasbourg, France.

       Important topics were discussed during the Meeting, including:

• Convention 108+, current ratifications and accessions;
• Transborder data flows of personal data;
• Data protection in the context of large language models (LLMs);
• Cooperation with other Council of Europe bodies and entities;
• Major developments and activities in the field of data protection, etc.

       At the same time, after a detailed analysis, the Committee adopted the Work Programme for the period 2026-2029, which will be implemented starting in January 2026. The document outlines strategic directions regarding: strengthening the legal framework of Convention 108+; addressing emerging risks in the field of AI and neurodigital technologies; developing international cooperation tools and technical assistance for member states and partners. The state of development of the Guidelines on data protection in the context of neuroscience research was also presented, with Member States invited to submit comments by November 21, 2025, and the document will be analyzed in detail at the next plenary session.

       The plenary meeting demonstrated the dynamic and evolving nature of the European data protection regulatory framework. The Consultative Committee of Convention 108 continues to play a key role in guiding public policies, defining ethical principles of digitalisation and promoting responsible data governance globally. Participation in this session was a valuable opportunity to exchange expertise and strengthen international cooperation, reaffirming our state’s commitment to protecting fundamental rights in the digital age.

       The NCPDP, as the national supervisory authority for the processing of personal data, emphasizes the importance of the participation of the Republic of Moldova in the plenary meetings of the Consultative Committee of the Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, as well as the weight of the documents adopted within them.

I.                  Information and training activities carried out by the NCPDP

       During the third quarter of 2025 (July – September), the National Center for Personal Data Protection (NCPDP) continued to make significant progress in achieving its objectives, focusing particularly on the development and implementation of activities aimed at informing and raising awareness of the general public regarding the importance of the field of personal data protection. In this context, a series of educational initiatives and awareness campaigns were carried out aimed, on the one hand, at explaining citizens’ rights regarding the management of their personal data, and on the other hand, at promoting responsible behavior regarding their protection.

       Through these actions, NCPDP aimed not only to increase the degree of understanding of the legal regulations in the field, but also to cultivate an organizational and social culture in which respecting confidentiality and data security becomes an integrated practice in the daily life of every citizen. This approach aims to ensure not only compliance with national and European legislation, but also to strengthen the general public’s trust in the personal data protection process.

       During the reference period, the organization of training sessions for the subdivisions of the General Inspectorate of Police (GIP) continued, according to the training plan approved and signed by the heads of the NCPDP and GIP, on January 28, 2025.

       Thus, training sesssions were organized for the following subdivisions:

• July 15 – Căușeni Police Inspectorate;
• August 5 – Criuleni Police Inspectorate;
• September 23 – Dubăsari Police Inspectorate.

       In this context, 225 representatives from the GIP subdivisions were trained.

       Likewise, the organization of training sessions for employees within the structural, specialized and territorial subdivisions of the General Inspectorate for Migration (GIM) continued, according to the training plan approved and signed by the heads of the NCPDP and GIM, on January 27, 2025.

       Thus, training sessions were organized for the following subdivisions:

• September 17 – Structural and Specialized Subdivisions of the GIM;
• September 19 – Southern Regional Directorate of the GIM.

       In this context, 31 representatives from GIM subdivisions were trained.

       During the reference period, NCPDP demonstrated openness and a spirit of collaboration, organizing multiple training sessions for representatives of public/private institutions, at their request.

       Thus, training sessions were organized for the following entities:

• July 1 –  Moldtelecom;
• July 02 – The National Energy Regulatory Agency (NERA);
• July 03 – Moldovan Banks Association;
• July 12 – School of Building Administrators;
• July 19 – School of Building Administrators;
• September 02 – National Office of Social Insurance;
• September 08 – Customs Service;
• September 11 – Post of Moldova.

       In this context, 325 representatives of the above-mentioned entities were trained.

       The training sessions aimed to familiarize with aspects related to the field of personal data protection, the regulation of processing procedures, as well as the confidentiality and security regime of personal data in accordance with the legislation in force. Important topics were discussed during the events, such as: defining general notions related to the field of personal data protection; principles and legal grounds for the processing of personal data; rights of personal data subjects; processing of special categories of personal data; requirements regarding the personal data protection in the exercise of job duties; ensuring the security and confidentiality of processed personal data; aspects related to the appointment of the Data Protection Officer (DPO), as well as his obligations and tasks; aspects related to the Data Protection Impact Assessment (DPIA), as well as the stages of conducting a DPIA, etc.

       At the same time, the information and awareness campaign for the school community was continued with the theme: “Personal data protection and children’s safety in the online environment”. The goal of the campaign was to raise awareness and educate children regarding: the importance of protecting personal data; identifying risks in the online environment; adopting responsible, safe and informed behavior in the digital space to support children to browse the internet in a safe, ethical and informed manner, reducing their vulnerability to online threats. The topics addressed during the trainings focused on: what personal data is; how to protect your personal data online; risks and threats in the online environment; safety on communication platforms and online games, etc. The training session was organized on July 7, 2025 for the Class of the Future, with 38 students being trained.

II.               Control activity

       Between July and September 2025, NCPDP initiated verification of the compliance of personal data processing operations in 116 cases. During the reference period, 97 decisions were issued, of which 44 cases found a violation of legal provisions, with 36 reports being issued regarding the contravention, which were subsequently submitted to the court for resolution.

III.           Findings of the National Center for Personal Data Protection

1.        The NCPDP examined the complaints of several petitioners from the Gagauzia Autonomous Region, in which they reported receiving several messages mentioning the allocation of financial sources in their names from banks in the Russian Federation.

       During the investigation, all the petitioners claimed that they did not participate in meetings organized by political parties in 2023–2024 and did not transmit their personal data to anyone, and that the social assistance received from the state was provided through the Post Office or through another secure method. Thus, the petitioners assume that members of a political party group would have made registrations on platforms used by banking entities in the Russian Federation, using information obtained from the Directorate of Health and Social Assistance of the Gagauzia Autonomous Region.

       During the inspection, it was determined that, in the context of the operations complained about by the petitioners, the applications/platforms “Centrify”, “Qsms” and “Authentify” are products of companies not headquartered in the Republic of Moldova. At the same time, from the information presented in the public space, including by the competent law enforcement agencies, it was noted that personal data were collected and transferred cross-border to entities in the Russian Federation, namely, entities in this country could make transfers in Russian rubles.

       Based on the circumstances described, from the materials accumulated in the given case, it was not possible to specifically determine the person(s)/entities who transmitted the personal data cross-border in the situations complained of by the petitioners.

       However, it is certain that there has been processing of personal data manifested by their cross-border transmission to a state that does not ensure an adequate level of protection, for purposes that may prejudice the fundamental rights and freedoms of the individual with regard to the personal data protection.

       Thus, in rem, the NCPDP found a violation of the provisions of art. 32 paragraph (5) of Law no. 133/2011 on the personal data protection, in the processing through cross-border transmission of the personal data of the petitioners.

2.         The NCPDP received a complaint from a personal data subject, who requested verification of the legality of the personal data processing operations concerning him, carried out by a company (hereinafter – data controller), through the Real Estate Registry, in accordance with the provisions of Law No. 133/2011 on the personal data protection.

       In these circumstances, the NCPDP initiated the verification of compliance with the provisions of art. 4 para. (1) p. a) and b) and art. 13 of the Law in question, when processing the personal data of the data subject.

       During the examination of the accumulated material, it was found that the data controller consulted the information referring to 3 real estate properties containing data about the owner of the real estate properties; the basis for registration – the name and dates of the act by which the ownership right was acquired.

       Therefore, data processing was to be subject to the consent of the personal data subject and, respectively, to his/her right to decide freely and unequivocally whether or when personal data concerning him/her may be processed by the data controller in compliance with the provisions of Law No. 133/2011 on the personal data protection.

       Moreover, the NCPDP did not consider as well-founded the argument invoked by the data controller that it had consulted the public part of the Real Estate Register, but the public part of the Register does not provide information about the ownership of the real estate and the method of acquiring it.

       Thus, during the investigations, the NCPDP found that the data controller processed the personal data of the data subject without complying with the requirements set out in art. 4 para. (1) p. a) and b) of Law no. 133/2011.

       Subsequently, the data controller did not resolve the data subject’s request regarding the exercise of the right of access, not providing a substantiated/pointed response justifying the personal data processing operations carried out by the latter, including the violation of Article 13 of Law 133/2011. In the case, the NCPDP initiated the contravention procedure.

3.        The NCPDP, initiated proceedings following the receipt of a request from a district councilor, thus examining the case in light of legal powers, namely, investigating an alleged illegal processing of the special category of personal data of data subjects, caused by the inappropriate actions/inactions of the District President.

       Following the accumulation of evidence, it was established that the President of the district issued and signed a response addressed to the district councilors regarding the behavior of medical personnel from some medical facilities in the district.

        To justify the response, the District President attached extracts from the medical records of some patients, containing: name and surname, date of birth, IDNP, home address and information on health status.

       As part of the control initiated by the Control Authority, the District President submitted two declarations of consent signed by some patients, considering that he had a legal basis for data processing.

       However, the NCPDP analysis revealed that consents were obtained from only two data subjects, while the attached documents contained the data of several people. At the same time, the wording in the consents was general and unclear, not meeting the conditions of a valid consent (free, specific, informed, unambiguous).

       Furthermore, the NCPDP revealed that the transmission of medical records to counselors was not necessary and proportionate to the intended purpose, as the verification and subsequent justification of the work schedule of medical personnel in the response to counselors could have been achieved through non-intrusive administrative means.

       As a result of the findings, the NCPDP invoked the following relevant provisions of Law no. 133/2011 on the personal data protection: art. 4 para. (1) p. a), c), e) – processing must be correct, pertinent, not excessive and limited to the purpose; art. 6 para. (1) – prohibits the processing of special categories of data, including those regarding health, with the exceptions expressly provided for by law; art. 29 para. (1) – imposes the obligation to ensure the confidentiality of data and to prevent unauthorized disclosure.

       Therefore, concluding the above, the NCPDP found that the President of the district did not respect the principles of legality, proportionality and confidentiality in the process of processing patient data.

       By transmitting medical records containing sensitive data to counselors, without the consent of the data subjects and without a valid legal basis, an unauthorized disclosure of personal data occurred, which constitutes a violation of the principles of personal data protection. In the case, the NCPDP initiated the contravention procedure.

4.        The NCPDP examined the complaint of a personal data subject, through which he complained about the processing of personal data belonging to him by a company.

       Thus, during the investigation, it was found that the data subject, over a period of time, had concluded a contract with the company in question, however, the personal data processing operations carried out by the controller (legal entity) were carried out automatically, in the absence of the data subject’s consent after the expiry of the contract concluded between them.

       Based on the materials presented by the controller, it was found that the data subject did not give his/her consent to the processing of his/her personal data by the company in question, following the conclusion/closure of the contract, and another legal basis for the processing of personal data, if applicable, was not identified.

       Therefore, through the actions described, the data controller violated the provisions of art. 4 para. (1) p. a), e) and art. 5 para. (1) of Law no. 133/2011. In the case, the NCPDP initiated the contravention procedure.

IV.            Prevention activity

       During the reference period, in order to carry out the advisory tasks, in addition to the multiple answers provided, for advisory purposes, 70 consultations were provided by telephone, via e-mail or at the authority’s headquarters.

V.               International and European news

• Between July 2-3, 2025, representatives of the National Center for Personal Data Protection (NCPDP) participated in the 75th meeting of the International Working Group on Data Protection in Technology (known as the “Berlin Group”), which took place in the city of Tbilisi, Georgia.

       The aim of the event was to bring together international experts in the field of data protection to discuss and analyze the impact of new technologies on privacy and personal data security. During the meeting, participants exchanged good practices, presented national innovations, and addressed emerging challenges such as neurodata, 6G technology, and digital identity, with a view to developing common recommendations to support the improvement of data protection standards at the international level.

       During the two working days, important topics were addressed, such as:

• Neurodata and the implications for privacy;
• The evolution of 6G technology and the related challenges in the field of data protection;
• Digital identity;
• Government digital services and data protection within them (e.g. MY.GOV.GE – the unified portal of electronic services in Georgia);
• National presentations on innovations and good practices in the field of data protection.

       The event represented a valuable framework for the international exchange of experience, strengthening cooperation between supervisory authorities and identifying common directions of action facing new technological challenges, bringing together representatives from 14 countries, as well as delegates from the European Data Protection Supervisor and the Electronic Privacy Information Center.

• On September 11, representatives of the NCPDP participated in the plenary meeting of the European Data Protection Board (EDPB) that took place online. During the plenary meeting, the EDPB adopted the guidance on the interaction between the Digital Services Act (DSA) and the General Data Protection Regulation (GDPR).

       This guide is the first of its kind and aims to ensure consistent application of both regulations, given that some provisions of the DSA involve the processing of personal data. Essentially, the DSA complements the GDPR, guaranteeing the protection of users’ fundamental rights in the digital environment and regulating online services such as search engines and digital platforms.

       The guide details how the GDPR should be applied within the framework of DSA obligations, in areas such as reporting illegal content, automated content recommendations, protection of minors and advertising transparency. They also support cooperation between regulators to provide legal certainty to online service providers and protect users’ rights. The guide will be subject to a public consultation, giving stakeholders the opportunity to provide feedback.

VI.            Other data protection authorities

• On June 23, 2025, The Polish Data Protection Authority issued a final decision imposing administrative fines of EUR 4,022,773 on McDonald’s Polska and EUR 43,680 on 24/7 Communication for violating Article 5 (Principles related to the processing of personal data), Article 24 (Responsibility of the controller), Article 25 (Data protection by design and by default), Article 28 (Processor), Article 32 (Security of processing), Article 34 (Communication of a personal data breach to the data subject) and Article 38 (Position of the data protection officer) of the GDPR.

        McDonald’s Polska LLC notified a data security breach, as a controller, finding that the following data of its employees and franchisees were included in the shared file in the public catalogue: names, personal identification numbers (PESEL numbers), passport numbers (if the PESEL number is not available), McDonald’s restaurant number, date and time of starting work, date and time of ending work, number of hours worked, holidays, type of work, etc.

       The investigation found that neither the controller (McDonald’s Polska) nor the processor (24/7 Communication) had conducted a risk analysis and had not implemented sufficient technical and organizational measures to protect personal data. Furthermore, the data protection officer was not properly involved, and the audit and monitoring obligations of the partners were not respected.

       The Polish SA emphasized that the responsibility for data protection lies with both companies that collect and manage personal data and their contractual partners. Security measures must be constantly checked and updated, not just at the beginning of data processing.

        In this context, the Polish SA imposed an administrative fine of 4 022 773 euros on McDonald’s Polska LLC and 43 680 euros on 24/7 Communication LLC.

• The Italian parliament has adopted a new law on artificial intelligence (AI), becoming the first country in the European Union to have comprehensive AI regulations aligned with EU law. The law aims to promote “human-centric, transparent and safe use of AI”, with a focus on “innovation, cybersecurity and privacy protection”.

       The new legislation provides:

• Prison sentences (1–5 years) for the illegal dissemination of AI-generated content (such as deepfakes) when it causes harm; harsher penalties if the technology is used for fraud or identity theft.
• Protection of minors: children under 14 will only be able to use AI applications with parental consent.
• Strict transparency and human oversight rules for the use of AI that will regulate how the technology is used in the workplace and in sectors such as health, education, justice and sports.
• Copyright: works created with the help of AI are protected only if there is a real intellectual contribution; automatic analysis of texts and data will only be allowed for free content or for scientific research carried out by authorized institutions.
• Financial support: The government is allocating up to €1 billion (£870 million) from a state-backed fund for equity investments in small and medium-sized enterprises, as well as large companies active in the fields of artificial intelligence, cybersecurity, quantum technologies and telecommunications.

       The government designated the Agency for Digital Italy and the National Cybersecurity Agency to enforce the legislation, which received final approval in parliament after a year of debate.

       On November 12-13, 2025, representatives of the National Center for Personal Data Protection (NCPDP) participated in the Moldova Cyber ​​Summit 2025: Stronger Together, an event dedicated to strengthening digital resilience and international cooperation in the field of cybersecurity.

       The summit explored the strategic, technical and human dimensions of cybersecurity, transforming local and international lessons into concrete actions and highlighting Moldova’s growing role as a regional leader in cyber resilience and European integration.

       Victoria Muntean, Director of NCPDP, delivered a welcoming message at the opening of the summit, noting that, “cyber threats know no borders, and data protection and digital resilience can only be achieved through joint efforts of all — data controllers from the public and private sectors, civil society and international partners. The Republic of Moldova is strengthening, with responsibility and determination, its status as a credible regional partner in the field of cybersecurity and personal data protection, constantly advancing on the path of harmonizing these priority areas with European standards. In this context, today’s event is a significant stage in the process of digital modernization based on trust, transparency and responsibility.”

Several topics were addressed during the summit, such as:

• Strengthening Moldova’s national cybersecurity governance and institutional capacity;
• Supporting legislative and operational alignment with European standards;
• Sharing regional and international experiences in safeguarding critical systems, individuals and democratic processes;
• Promoting public trust and fostering partnerships among government, the private sector and international allies.

       The event brought together over 150 leaders and experts from government institutions, critical infrastructure sectors, the European Union, NATO and the cybersecurity community, and was organized by the E-Governance Academy (eGA), in partnership with the Ministry of Economic Development and Digitalization of the Republic of Moldova, and funded by the European Union through the Moldova Cybersecurity Rapid Assistance project.

       On November 6, 2025, the National Center for Personal Data Protection (NCPDP) organized a training session in the field of personal data protection for representatives of the Superior Council of Magistracy (SCM), at their request.

       The main goal of the activity was to develop the professional skills of the participants in order to correctly and uniformly apply the legal framework regarding the protection of personal data, as well as to consolidate an institutional culture based on responsibility, transparency and respect for the private life of the person.

       Important topics were discussed during the event, such as: defining general notions related to the field of personal data protection; the rights of personal data subjects; requirements regarding the protection of personal data in the exercise of official duties; ensuring the security and confidentiality of processed personal data; examining requests for disclosure of personal data; access to information of public interest from the perspective of the legislation on the protection of personal data, etc.

       The participants appreciated the practical nature of the training, emphasizing the usefulness of the knowledge acquired in the current activity of the SCM and the judicial system as a whole. Following the session, they became aware of the importance of applying the principle of responsibility, continuous risk assessment, and implementing appropriate technical and organizational measures to protect personal data processed within the institution. The training session also provided a framework for dialogue between NCPDP specialists and SCM representatives, facilitating the exchange of good practices and the analysis of concrete situations encountered in daily activity.

       Among the conclusions highlighted following the training session are: recognition of the essential role of data protection as an integral part of good governance and public trust in justice institutions; the need for continuous staff training to meet the challenges brought by technological and legislative developments; the importance of a proactive and preventive approach to data management, which reduces the risks of violating the rights of data subjects.

       By conducting this training session, NCPDP reaffirms its commitment to supporting public institutions in the process of implementing legal requirements regarding data protection, providing methodological support and continuous professional training to strengthen a sustainable compliance and security system. Such activities contribute to the creation of an institutional environment based on trust, ethics and respect for fundamental human rights, indispensable elements for the proper functioning of the rule of law.

       During the event, moderated by experts in the field of personal data protection from the NCPDP, 40 representatives of the SCM were trained.

       On November 5, the National Center for Personal Data Protection (NCPDP) continued its information and awareness campaign for the school community, organizing the training session “Personal data protection and children’s safety in the online environment” for the Public Institution “Universul” Theoretical High School in Chisinau. The event took place during the Personal Development class, the target audience being students of the 4th grade “B”.

       The main objective of the training session was to familiarize children with the notion of personal data, understand its value, and raise awareness of the risks they may be exposed to when providing information about themselves online. Through an approach adapted to the age of the participants, the NCPDP trainers managed to create a dynamic and interactive educational framework, based on dialogue, thematic games, case studies and real-life examples.

       Students were challenged to determine the types of data that need to be protected (name, photo, address, phone number, etc.) and to identify safe and unsafe behaviors in their daily internet activities. They also learned how to react when receiving messages from unknown people, how to create secure passwords, how to manage information published on social networks, and why it is important to ask for support from parents or teachers in uncertain situations.

       During the activities, the trainers emphasized the development of students’ critical thinking, encouraging them to analyze the consequences of their actions in the digital environment and to understand the connection between privacy, safety, and respect for themselves and others. Through educational games and open dialogue, children learned that the protection of personal data is not just an imposed rule, but a form of care for their own lives and for other internet users.

       At the end of the training session, students realized that personal data is an important part of their identity and must be carefully protected; not all information should be shared online, even if it seems harmless; digital safety starts with simple gestures: secure passwords, caution in communication and attention to posted content; it is essential to talk to trusted adults when facing unusual or uncomfortable situations on the internet.

       Through this activity, students acquired practical knowledge and understood that responsibility for the protection of personal data is a skill that must be formed from childhood.

       The event was organized at the initiative of the National Council for the Protection of Children and Youth, training 37 students. At the same time, the information materials, as well as the gifts offered to the students, were developed with the support of the United Nations Children’s Fund (UNICEF).

       It should be noted that the information and awareness campaign for the school community was launched on April 15, 2022, and the NCPDP aims to continue this training format both in school institutions in Chisinau and in those in the districts of the republic. Through such actions, NCPDP reaffirms its commitment to contributing to the formation of a culture of data protection from an early age, promoting children’s safety in the online environment and strengthening partnerships with educational institutions across the country.

       On October 31, 2025, the National Center for Personal Data Protection (NCPDP) organized a training session in the field of personal data protection for employees of the Ministry of Finance (MF), at their request.

       The purpose of the training session was to train and develop the professional skills of MF employees in the field of personal data protection, through a practical and applied approach, adapted to the specifics of their activity. The training aimed at in-depth understanding of the fundamental principles of data processing, identifying the responsibilities of the institution as a data controller, as well as preventing risks related to improper access, use and storage of information containing personal data.

       Important topics were discussed during the event, such as: the definitions of  general notions related to the field of personal data protection; the rights of personal data subjects; the requirements regarding the protection of personal data in the exercise of official duties; ensuring the security and confidentiality of processed personal data; the examination of requests for disclosure of personal data;  the access to information of public interest from the perspective of the legislation on the protection of personal data, etc.

       The training session highlighted the fact that data protection is not just a formal requirement, but an essential component of modern governance, which contributes to ensuring transparency, strengthening institutional accountability and increasing public trust in the authority’s work.

       By actively participating in the training, MF employees demonstrated increased interest in improvement and openness to the application of compliant and ethical practices, as well as understanding the importance of a proactive approach in the field of data protection, recognizing that respecting confidentiality and the right to privacy is not only a legal obligation, but also an essential element of public trust.

       Following the activity, participants became aware of the importance of applying the principle of data minimization in all institutional processes and the need for constant risk assessment and implementation of appropriate security measures. At the same time, they understood the value of individual and collective responsibility in managing personal data and recognized that continuous professional training is an essential element of compliance and efficient and transparent governance.

       By carrying out this activity, NCPDP reaffirms its firm commitment to supporting public institutions in developing the professional capacities necessary to implement efficient and sustainable protection of personal data.

       Such training sesssions contribute not only to improve administrative practices, but also to strengthen an institutional climate based on ethics, responsibility and respect for fundamental human rights.

       During the event, 30 representatives of the Ministry of Finance were trained.

       On November 4, 2025, the National Center for Personal Data Protection (NCPDP) organized a training session in the field of personal data protection for the employees of the Leova Police Inspectorate, according to the training plan within the GIP subdivisions for 2025, approved and signed by the heads of the NCPDP and GIP on January 28 of this year.

       The purpose of the training session was to increase the level of perception of the employees of the Leova Police Inspectorate on the principles of personal data protection, as well as on ensuring the correct application of the legal provisions in the field, in the activity they carry out.

       Important topics were discussed during the event, such as: the definitions of general notions related to the field of personal data protection; the rights of personal data subjects; the processing of special categories of personal data; the legal way of processing personal data in the activity carried out by police bodies; the requirements regarding the protection of personal data in the exercise of official duties; ensuring the security and confidentiality of processed personal data, etc.

       For the representatives of the Leova Police Inspectorate, this training session proved to be particularly relevant, contributing to increasing awareness of institutional responsibility and the essential role of personal data protection in police activity.

       Following the training, the participants became aware of the need to protect citizens’ personal data in all operational processes; they understood the importance of applying the principle of data minimization and collecting only the information strictly necessary for the intended purpose; they recognized the role of risk assessment and the implementation of appropriate security measures to prevent unauthorized processing incidents and appreciated the value of continuous training as a tool for strengthening the organizational culture based on confidentiality, ethics and responsibility.

       Through this activity, NCPDP reaffirms its commitment to support the continuous training of employees of public institutions and to promote a culture of data protection, aimed at ensure respect for the fundamental rights of the individual. The training held at the Leova Police Inspectorate demonstrates once again the importance of collaboration between the NCPDP and law enforcement institutions, in order to ensure correct, legal and secure processing of personal data, in the interest of citizens and society.

       During the event, 36 representatives of the Leova Police Inspectorate were trained.