On February 23, 2026, the National Center for Personal Data Protection (NCPDP) organized and conducted a training session for employees of the Customs Service, following a request submitted by them.

       The training course aimed to strengthen the institutional capacities of Customs Service representatives in the field of personal data protection by deepening their theoretical and practical knowledge of the relevant national regulatory framework, the principles of personal data processing, safeguards for the rights of data subjects, as well as the responsibilities of data controllers and data processors.

       The session addressed key issues concerning the legality and grounds for processing personal data in the exercise of the Customs Service’s functional duties, the application of the principles of proportionality and data minimization, ensuring the confidentiality and security of processed information, the management of security incidents, as well as mechanisms for cooperation with the supervisory authority.

       In addition, case studies relevant to the specific nature of customs activities were analyzed, including situations involving the exchange of data with other national and international public authorities, the use of automated information systems, as well as data processing in the context of customs control and fraud prevention. The focus was on identifying the risks associated with the processing of personal data and on implementing appropriate technical and organizational measures to prevent violations of relevant legislation.

       In the context of the Customs Service’s operational responsibilities, which involve the processing of a considerable volume of personal data, including sensitive data, the training emphasized the importance of integrating the principle of accountability into all operational processes, as well as the need for proper documentation of processing operations.

       Among the learnings from the course are:

•  the need for a prior assessment of risks to the fundamental rights and freedoms of individuals when implementing new procedures or information systems;
• strengthening the organizational culture regarding data protection;
• the designation and active involvement of the data protection officer in decision-making processes;
• ensuring ongoing training for staff responsible for data processing.

       The training highlighted the essential role of continuing professional development in preventing security incidents and ensuring compliance with applicable legal regulations. At the same time, it contributed to the standardization of internal practices and the consolidation of an operational framework compatible with national and international standards in the field of data protection.

       The NCPDP reiterates its willingness to provide methodological and advisory support to public authorities for the correct and uniform implementation of personal data protection legislation, emphasizing that the effective protection of the right to privacy is a fundamental condition for the lawful and transparent exercise of official duties.

       During the event, 145 customs officials were trained.

       On March 5, 2026, the National Center for Personal Data Protection (NCPDP) held a training course for employees of the Ialoveni Police Inspectorate (IP), an activity organized in accordance with the Training Plan within the subdivisions of the General Inspectorate of Police (GIP) for 2026. The respective Plan was approved and signed by the heads of the two institutions on January 28, 2026, with the objective of strengthening the level of knowledge and application of the regulatory framework in the field of personal data protection in the activity of police bodies.

       The purpose of the training was to strengthen the professional capacities of IP Ialoveni employees regarding the legal, responsible and secure processing of personal data, in the context of exercising their job duties, as well as in preventing possible violations of the legislation in the field.

       The training session addressed theoretical and practical aspects regarding:

• the fundamental principles of personal data processing;
• the legal grounds for data processing in the activity of law enforcement bodies;
•  the responsibilities of controllers and processors in the data processing procedure;
• the technical and organizational measures necessary to ensure data security;
• best practices and case studies on managing situations involving personal data in police activity.

       At the same time, participants had the opportunity to analyze concrete examples and practical situations encountered in the current activity of police bodies, highlighting the legal and institutional risks that may arise in the event of non-compliance with legal requirements regarding data protection.

       The lessons learned during the training focused, in particular, on the need to integrate data protection principles from the very beginning of operational processes, the proper application of rules regarding data access, storage and transmission, as well as strengthening each employee’s individual responsibility in managing information containing personal data.

       Conducting these training sessions helps to improve institutional compliance and strengthen an organizational culture based on respect for the right to privacy and data protection—aspects that are essential to the work of law enforcement bodies.

       By organizing these activities, the NCPDP reaffirms its commitment to supporting public authorities in the proper implementation of the legal framework for the protection of personal data by providing methodological support, training and the exchange of best practices.

       During the event, 63 representatives of the Ialoveni Police Inspectorate of GIP were trained.

       On February 27, the National Center for Personal Data Protection (NCPDP) conducted a training course for employees of the Călărași Police Inspectorate (IP). The activity was carried out in accordance with the Training Plan for the subdivisions of the General Police Inspectorate (GIP) for 2026, a plan approved and signed by the heads of the NCPDP and the GIP on January 28 of this year.

       The main objective of the training was to strengthen participants’ knowledge and understanding of the national regulatory framework for personal data protection, as well as to develop the practical skills of IP Călărași employees to ensure the correct and consistent application of legal provisions in data processing while performing their duties. At the same time, the training aimed to prevent risks of violating personal data protection legislation and to increase institutional accountability regarding the fundamental rights and freedoms of data subjects.

       The session covered the following topics:

• the fundamental principles of personal data processing (lawfulness, fairness, transparency, proportionality, and data minimization);
• the legal grounds applicable to police activity;
• the rights of data subjects and the means of ensuring their effective exercise;
• the obligations of data controllers and processors;
• the technical and organizational measures necessary to ensure data security;
• procedures for reporting and managing security incidents.

       As a result of the training, the following key takeaways were identified: the need for clear documentation of data processing operations; the importance of conducting a prior risk assessment for the processing of sensitive data; strict adherence to the principle of proportionality in the collection and use of data and the establishment of effective internal mechanisms for compliance monitoring and control.

       By organizing these activities, the NCPDP reaffirms its commitment to promoting an institutional culture based on legality, accountability and compliance with national and international data protection standards, as well as to strengthening inter-institutional cooperation in order to ensure an adequate level of data protection.

       During the event, 55 representatives of the Călărași Police Inspectorate were trained.

       On February 26, 2026, the National Center for Personal Data Protection (NCPDP) organized a training session on personal data protection for representatives of the Public Institution for the Real Estate Cadastre (IP CBI), following a request submitted by them.

       The main purpose of the training was to strengthen participants’ theoretical and practical knowledge regarding the correct and uniform application of national legislation on personal data protection, particularly in the specific context of the activities carried out by the IP CBI, which involve the processing of a significant volume of personal data, including highly sensitive data.

       During the training, key topics were covered, including:

• the fundamental principles of personal data processing;
• the legal grounds for data processing in the activity of the IP CBI;
• the obligations of data controllers, including those related to ensuring data security and confidentiality;
•  the rights of data subjects and institutional measures to ensure their compliance;
• legal liability for violations of personal data protection regulations.

       Particular emphasis was placed on analyzing practical examples and specific situations encountered in the institution’s day-to-day operations, such as access to cadastral data, disclosure of information to third parties, setting retention periods and implementing appropriate technical and organizational measures. Participants asked numerous questions, to which they received well-reasoned answers based on the applicable legal framework, clarifying practical situations that could lead to compliance risks.

       The importance of this training lies in ensuring a high level of protection for the fundamental rights and freedoms of individuals, particularly the right to privacy, as well as in strengthening an institutional culture of data protection within the IP CBI. At the same time, the training contributed to preventing security incidents, reducing the risk of legal violations and establishing a unified and consistent practice in this area.

       As a result of participating in the course, IP CBI representatives gained a thorough understanding of their obligations as a personal data controller, as well as enhanced skills in identifying and properly managing situations involving data processing, in accordance with applicable legal requirements.

       The NCPDP reaffirms its willingness to support public authorities and data controllers in the process of properly implementing personal data protection legislation through training, guidance and specialized methodological assistance.

       During the event, 70 representatives from the territorial subdivisions and central staff of the IP CBI, as well as from the Agency for Geodesy, Cartography, and Cadastre, were trained.

       Every year, on January 28, the European community celebrates “European Data Protection Day”, a landmark event, supported by the European Commission, which promotes the right to privacy and the protection of personal data. This day represents a moment of reflection on the importance of protecting information containing personal data in the digital age and provides an opportunity to strengthen awareness at the societal level regarding the fundamental rights of citizens.

       European Data Protection Day is important not only for the member states of the Council of Europe, but also for the entire global community involved in the field of data protection. In a time when personal information is processed and stored on a large scale, compliance with the principles of confidentiality and security becomes essential for protecting privacy and preventing data misuse.

       On this occasion, the National Center for Personal Data Protection (NCPDP) annually organizes a series of activities aimed at raising citizens’ awareness, promoting good practices in data protection and providing practical guidance to prevent situations of non-compliant processing of personal data.

       These activities also include street actions, through which NCPDP brings information directly to the community and interacts with the general public.

       In this context, on January 26, NCPDP employees carried out a street action in front of the Arc de Triomphe in Chisinau, distributing information materials to passersby and explaining the importance of personal data protection. Citizens were informed about the notion of personal data, the rights of data subjects, the security and confidentiality measures that must be respected, as well as the fundamental principles of data protection. In addition, citizens received practical recommendations on actions to be taken in the event of non-compliant processing of their personal data

       Such initiatives play a key role in educating the public, motivating citizens to be more attentive to how their data is collected and used. NCPDP aims to continue organizing information and awareness-raising actions this year, contributing to building a solid culture of personal data protection in the Republic of Moldova and creating a safe and informed environment, in which data protection is a priority for the entire community.

       Annually, on January 28, the european community celebrates European Data Protection Day, an important milestone for promoting the fundamental right to privacy and the protection of personal data. The year 2026 marks the 20th edition of this day and 45 years since the adoption of Convention No. 108 for the Protection of Individuals with regard to Automatic Processing of Personal Data, signed in Strasbourg on January 28, 1981.

       The purpose of Convention No. 108 is to guarantee, in the territory of each State Party, to every natural person, regardless of nationality or residence, respect for fundamental rights and freedoms, in particular the right to privacy with regard to the processing of personal data.Through its modernization, Convention 108+ remains an essential legal instrument, adapted to the challenges generated by technological developments and digital transformation.

       European Data Protection Day is a very special day not only for the member states of the Council of Europe, but also for the entire global data protection community and, above all, for every individual whose rights are protected by this fundamental regulatory framework.

       In this context, the member states of the Council of Europe, as well as other partner states and institutions, annually organize public activities and events dedicated to raising society’s awareness of the importance of the field of personal data protection. The National Center for Personal Data Protection (NCPDP) marks this day alongside european institutions by promoting accountability and best practices in prevention, intervention and support.

       In recent years, the Republic of Moldova has made significant progress towards achieving the national objective of ensuring an adequate level of data protection, in accordance with European Union and Council of Europe standards. These efforts directly aim to guarantee the fundamental rights and freedoms of individuals, in particular the right to privacy in the context of the processing of personal data.

       A key moment in this journey is the publication, on August 23, 2024, in the Official Gazette of the Republic of Moldova, of Law No. 195/2024 on the protection of personal data, a normative act that transposes the provisions of Regulation (EU) 2016/679 – General Data Protection Regulation (GDPR). Law No. 195/2024 is set to enter into force in August 2026, marking the transition to a modern, coherent and harmonized legal framework with european requirements.

       In the context of celebrating European Data Protection Day, NCPDP reaffirms its commitment to supporting both the public and private sectors in the preparation process for the application of the new legal provisions. Information, training and institutional dialogue activities remain priorities to ensure efficient and responsible implementation of the new regulatory framework.

       At the same time, strengthening inter-institutional collaboration at the national level constitutes a strategic direction of action, in order to amplify efforts to raise awareness among society regarding the importance of personal data protection and the correct and uniform application of legislation in the field by all actors involved in data processing.

       The role of the NCPDP, as a national supervisory authority, is becoming increasingly important in the context of accelerated digital transformation. The annual marking of European Data Protection Day represents a relevant opportunity to bring to the public’s attention the importance of respecting data protection principles, the right to privacy and the right to the protection of personal data, as fundamental elements of a democratic and resilient society.

       The National Center for Personal Data Protection (NCPDP) continues to promote and strengthen inter-institutional collaboration in order to ensure a high level of protection of the rights of individuals with regard to the processing of personal data. Recognizing the importance of correct information and rigorous application of the legislation in the field, NCPDP, represented by Director Victoria MUNTEAN, signed, on January 28, 2026, two training Plans in the field of personal data protection: with the General Inspectorate of Police (GIP), represented by Chief Viorel CERNĂUȚEANU, and with the General Inspectorate of Border Police (GIBP), represented by Chief Ruslan GALUȘCA.

       The training plans are intended for the staff of the structural subdivisions of the GIP and GIBP and aim to develop an in-depth understanding of the fundamental principles of personal data protection. The main objective of this initiative is to increase employees’ awareness of their legal responsibilities and to ensure the correct and uniform application of legal provisions in daily activity.

       The planned training will be conducted offline, directly within the targeted subdivisions, thus facilitating an interactive learning process adapted to the specifics of each institution. The plans were developed and approved by mutual agreement, reflecting the parties’ commitment to professionalism, responsibility and compliance with the principles of personal data protection.

       Strengthening inter-institutional cooperation remains a strategic priority of the NCPDP for 2026. This aims both to intensify information and awareness-raising actions in society regarding the importance of the field of personal data protection, and to ensure a high level of interpretation and correct application of the legislation by all institutions involved in data processing. Through these actions, NCPDP aims to create a solid and coherent data protection framework, which supports both authorities and citizens in the responsible management of information containing personal data.

       The signed training plans are part of the activities planned in the context of the 20th edition of the European Data Protection Day, thus marking the continued commitment of the institutions involved to promoting the values ​​of transparency, accountability and personal data protection at the national level.

       On January 28, 2026, the National Center for Personal Data Protection (NCPDP) organized the National Conference “Implementation of the legal framework on data protection: challenges, benefits, resilience”, a landmark event dedicated to strengthening the personal data protection framework in the Republic of Moldova, in the context of its european integration path.

       The conference is organized also in the context of the Republic of Moldova’s exercise of the Presidency of the Committee of Ministers of the Council of Europe, marking the state’s responsibility and commitment to actively contribute to the consolidation of the European legal space based on respect for human rights, the rule of law and high standards of protection of privacy and personal data.

       The event took place at a crucial moment for the Republic of Moldova, as a candidate state for integration into the European Union, marked by the adoption of Law No. 195/2024 on the protection of personal data, which will enter into force on August 23, 2026 and which transposes the General Data Protection Regulation (GDPR). The new law establishes a modern data protection regime, applicable to both the public and private sectors, contributing to strengthening the fundamental rights of individuals and increasing trust in digital processes.

       At the opening of the conference, the Director of the NCPDP, Victoria MUNTEAN, emphasized that „the protection of personal data is not only a legal obligation, but a key element of the protection of human rights, digital resilience, cybersecurity and citizens’ trust in state institutions. In a context marked by accelerated digitalization and increasing cyber risks, the correct and coherent application of data protection rules becomes an essential condition for the sustainable and secure development of society.”

       The conference brought together representatives of public authorities, the business environment, national and international experts in the field of data protection and cybersecurity, as well as european partners, reflecting the interdisciplinary nature of the topic addressed.

       The event had as its main purpose to support public authorities and the private sector in the preparation process for the implementation of Law No. 195/2024, through:

• strengthening compliance with new legal obligations;
• clarifying the roles and responsibilities of data controllers, processors and data protection officers;
• promoting european best practices in supervision, control and sanctioning;
• highlighting the link between data protection, cybersecurity and risk management.

       The conference agenda included plenary sessions and four thematic panels, focused on:

• operationalization of compliance and record-keeping of processing activities;
• application of the principles of „Privacy by Design” and „Security by Design”;
• exercise of data subjects’ rights, risk prevention and data protection impact assessment;
• control procedures, liability mechanisms and sanctions in EU candidate countries.

       The debates benefited from the contributions of experts from European Union member states, including Estonia, Latvia, Lithuania and Romania, as well as interventions from representatives of the private sector and the IT sector, providing participants with practical perspectives and applicable solutions in the process of implementing the new legislation.

       An interactive online tool allowed for the active involvement of participants, facilitating the asking of questions and the exchange of opinions in real time, thus contributing to an open and constructive dialogue.

       The conference highlighted that the effective implementation of the legal framework on data protection is an essential condition for strengthening cross-border cooperation, for the secure exchange of data with european entities and for the integration of the Republic of Moldova into the EU’s digital single market.

       NCPDP reaffirms its commitment to continue the dialogue with public authorities, the private sector and international partners, in order to ensure a coherent, proportionate and efficient application of the new legislation in the field of data protection.

       The event was organized by the National Center for Personal Data Protection, with the support of the project „Improving cyber resilience in Eastern Partnership countries”, implemented by the e-Governance Academy (eGA) and funded by the European Union, as well as with the support of the European Union Partnership Mission to the Republic of Moldova (EUPM Moldova).

       NCPDP thanks all partners and participants for their valuable contribution to the success of the conference and for the common commitment to building a modern, secure and european framework for the protection of personal data in the Republic of Moldova.

       Between January 19 and 21, representatives of the National Center for Personal Data Protection (NCPDP) conducted a study visit entitled “Mechanisms for exercising control and establishing pecuniary sanctions”, held in the Republic of Estonia.

       The purpose of the event was to adopt european best practices regarding control mechanisms, the application of corrective measures and the establishment of pecuniary sanctions in the field of personal data protection, as well as to strengthen the professional capacities of NCPDP employees in the context of the development of european digital law and digital transformation.

       The visit agenda included working sessions and meetings with relevant institutions in Estonia, opening with a presentation by the e-Governance Academy (eGA), focused on the impact of e-governance projects at the international level, the activities carried out in the Republic of Moldova and the objectives of the study visit program.

       At the same time, the NCPDP delegation had a meeting with representatives of the State Information Systems Authority (RIA), the institution responsible for managing critical IT services at the national level.

       The discussions focused on the management of cyber incidents involving personal data, as well as inter-institutional cooperation in the field of cybersecurity and personal data protection.

       An important point of the visit was the meeting with representatives of the Estonian Data Protection Inspectorate, during which aspects related to institutional control mechanisms and supervisory procedures were analyzed, including planning and prioritizing inspections based on risk criteria, types of controls performed (on-site inspections, documentary checks, thematic investigations), initiating investigations based on complaints, self-referrals, as well as internal cooperation between investigative, legal and IT structures.

       At the same time, the discussions focused on the procedures for finding violations and applying pecuniary sanctions, including the stages of the sanctioning process, the criteria for assessing the seriousness of the facts, the application of the principle of proportionality, the mechanisms for calculating fines, the means of appeal, the collection and enforcement of sanctions, inter-institutional and cross-border cooperation, the use of digital tools in supervision, preventive and educational measures, as well as good practices and lessons learned from relevant cases handled by the Estonian authority.

       The agenda also included a meeting with representatives of the Chancellor of Justice Office of Estonia, addressing topics related to the role and powers of this institution, its involvement in procedures aimed at the protection of personal data and the use of digital technologies in the exercise of the institutional mandate.

       The study visit provided a valuable framework for the exchange of experience, the analysis of advanced practices and the consolidation of institutional cooperation, contributing to strengthening the capacities of the NCPDP for the effective enforcement of personal data protection legislation.

       The study visit was organized with the support of the EU’s Cybersecurity Rapid Assistance 2.0 project, implemented by the Estonian E-Government Academy.

       The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates about the administrative fine of 1.8 million euros imposed by the Finnish Data Protection Authority (SA) on the company S-Bank for violating Article 5 (Principles related to the processing of personal data), Article 25 (Data protection by design and by default) and Article 32 (Security of processing) of the GDPR.

       Following the notification sent by S-Bank in August 2022, the Finnish SA initiated an investigation into a security breach that affected a significant number of the bank’s customers. The vulnerability appeared in April 2022, with the launch of a new authentication mechanism. Due to a software error in the authentication service, logging into online banking and accessing digital services using strong authentication was possible using the login details of other customers. This technical failure remained exploitable for more than three months, and some customers were directly affected.

       Following the investigation, it was found that the bank lacked adequate security measures and appropriate technical and organizational controls. Deficiencies include: insufficient testing of new functionalities before implementation; failure to identify vulnerabilities during development and testing, and inadequate response to customer reports of authentication anomalies.

       In this context, the Finnish SA imposed an administrative fine of EUR 1.8 million on the controller for violating the provisions of Articles 5(1)(f), 25(1), 32(1) and 32(2) of the GDPR and issued a reprimand for non-compliance with data protection legislation.

       When determining the amount of the fine, the Finnish SA took into account the need to protect the rights of the individuals concerned, the overall seriousness of the incident, as well as the fact that the bank had previously been warned about its obligations. The fine was also adjusted in the context of a separate sanction issued in May 2025 by the Finnish Financial Supervisory Authority, which imposed a fine of 7,670,000 euros on S-Bank for deficiencies in operational risk management in relation to the same set of events.

       NCPDP, as the national supervisory authority for the processing of personal data, emphasizes the responsibility of personal data controllers to comply with the provisions of the legislative framework on the protection of personal data and to ensure that personal data processing operations comply with the legislation in force.