National Center for the Personal Data Protection – 18 years of activity!
On July 10, the National Center for Personal Data Protection (NCPDP) marks 18 years of activity, during which the institution has constantly strengthened its role as a national supervisory authority in the field of personal data protection and guarantor of respect for the fundamental right to private life.
During these 18 years, the field of data protection experienced a significant evolution, determined by accelerated digital transformations, the exponential increase in the volume of processed data and the need to ensure a coherent and uniform application of the normative framework. In this context, the NCPDP has contributed to strengthening a culture of compliance and accountability in data protection, including by promoting the necessary balance between the right to the personal data protection, the right of access to information and freedom of expression.
In exercising its legal mandate, as an autonomous, independent and impartial public authority, the NCPDP reaffirms its mission to ensure the protection of the fundamental rights and freedoms of natural persons, in particular with regard to the processing of personal data and cross-border data transfers.
„In a context characterized by the acceleration of digitization processes and the widespread use of personal data in all sectors, data protection is becoming a structural element of trust and the democratic functioning of society. Respect for private life is a fundamental principle, with the value of legal and institutional guarantee. The entry into force, on 23.08.2026, of Law no. 195/2024 on personal data protection constitutes a major landmark in the consolidation of the national normative framework and in its alignment with European standards in the matter. The new legal framework strengthens data protection guarantees and contributes to strengthening trust in relations between individuals, public authorities and the private sector. In this sense, the NCPDP reaffirms its commitment to ensure the effective implementation and application of the new legal provisions, as well as to guarantee respect for the fundamental rights of the persons concerned, in a digital environment that is constantly transforming. The personal data protection remains an essential component of the rule of law and a democratic society, based on respect for private life and human dignity”, said Ms. Victoria Muntean, director of NCPDP.
The main achievements in the 18 years of activity
During its 18 years of activity, the NCPDP has accumulated valuable experience and achieved significant progress, such as:
Harmonization of the national legislative framework
One of the most important recent results of the institutional activity is the process of harmonizing the national legislative framework in the field of personal data protection, carried out in order to align it with the standards of the European Union and the Council of Europe and to ensure a high and effective level of protection of fundamental rights.
In this context, a major progress, with a reference value for the development of the national data protection system, is the adoption of Law no. 195/2024 on personal data protection. This normative act transposes the provisions of Regulation (EU) 2016/679 (GDPR) and marks a decisive stage in the modernization and consolidation of the national legal framework in the field.
The law establishes a consolidated legal regime for data protection, strengthens guarantees for data subjects and creates the conditions for a more coherent and effective application of European data protection principles. Its entry into force, on August 23, represents a reference moment in the evolution of the national personal data protection system and confirms the firm commitment of the Republic of Moldova to align with European standards.
At the same time, by Law 36/20.03.2026 and publication in the Official Gazette of the Republic of Moldova, the Protocol amending the Convention for the protection of individuals regarding the automated processing of personal data was ratified.
The purpose of this Protocol is to modernize the international framework in the field of personal data protection, in order to ensure a high level of protection of the fundamental rights and freedoms of natural persons, especially the right to private life, in the context of technological developments and the globalization of data flows.
Likewise, on 07/09/2026, the Parliament of the Republic of Moldova adopted in the first reading the draft law on personal data protection processed for the purpose of preventing and combating crimes.
This normative act transposes Directive (EU) 2016/680 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data, and repealing Council Framework Decision 2008/977/JHA, in national legislation and establishes specific rules for competent authorities (such as criminal investigation bodies and courts) that manage data in prevention, investigation or prosecution activities.
Monitoring and ensuring compliance
NCPDP continuously exercises its legal mandate of supervision and control over the way in which public and private sector controllers process personal data, with the aim of ensuring compliance with the applicable normative framework and the effective protection of the fundamental rights and freedoms of data subjects.
In exercising these powers, the authority uses specific supervisory and control tools, including: examining complaints submitted by data subjects; initiating and conducting controls; investigating reports received, including from public authorities.
The surveillance activity reveals a constant trend of increasing the number of complaint addressed to the authority, which reflects both an increased level of awareness of rights by the persons concerned and the intensification of data processing in the public and private environment.
From the perspective of content, the most frequent situations reported concern:
- Processing of personal data by means of video/audio surveillance systems;
- Processing of personal data in the absence of the consent of the data subject and/or the legal basis, including the processing of personal data from state information resources;
- Processing of personal data by disclosure on social networks;
- Realization of the rights of personal data subjects (information, access, intervention, opposition), etc.
Outreach activities and training
NCPDP has made significant progress in strengthening activities to promote personal data protection among the general public, by intensifying information, education and awareness actions at the national level.
The institution continued the information and awareness campaign of the school community, organized street actions with different themes, as well as an extensive number of training sessions with physical presence, online and hybrid, addressed to a record number of entities.
In this context, NCPDP also carried out the information campaign „Protect personal data: Be vigilant in the face of telephone fraud”, with the objective of informing citizens about the risks associated with telephone fraud and attempts to fraudulently obtain personal data. Activities included the development and distribution of information leaflets to the general public, informing citizens of the risks associated with telephone fraud, the main operating methods used by criminals and the necessary precautions to prevent unauthorized disclosure of personal data. The information materials provided practical recommendations on verifying the identity of interlocutors, avoiding the provision of sensitive information by telephone and using the official communication channels of public and private institutions.
National and international cooperation
The dimension of national and international cooperation has been constantly strengthened, reflecting the commitment of the NCPDP to align with international standards and good practices in the field of personal data protection.
In this sense, the institution actively participated in the plenary meetings of the European Data Protection Board (EDPB), as well as in the activities carried out under the auspices of the Council of Europe, contributing to the exchange of experience and the development of a convergent approach at European level in the field of data protection.
The status of the Republic of Moldova as an observer within the EDPB represents an essential element of the process of approaching European Union standards, facilitating better integration in cooperation and coordination mechanisms at the European level.
At the same time, during the reference period, cooperation relations were strengthened by signing 21 agreements at the national level and 10 international agreements with relevant authorities in Europe, contributing to the intensification of the exchange of best practices, to the strengthening of institutional capacities and to ensuring a more effective and coordinated intervention in the field of personal data protection.
Vision for the future
NCPDP reconfirms its commitment to ensure a fair and proportionate balance between the protection of personal data and the other fundamental rights and freedoms guaranteed by the Constitution of the Republic of Moldova, in the context of technological developments and the intensification of digitization processes.
In this sense, the institution will continue to strengthen its capacity for supervision, control and intervention, in order to ensure effective compliance with the normative framework and the protection of the rights of data subjects.
At the same time, NCPDP will actively support controllers in the legislative compliance process, through guidance activities, training and promotion of good practices, thus contributing to increasing the general level of responsibility in the processing of personal data.
The institution will also continue to promote a solid data protection culture based on transparency, accountability and respect for human dignity as essential elements of a modern administration and a democratic society.
The protection of personal data is not only a legal obligation, but an essential condition for the functioning of a state of law and for maintaining trust in the relationship between citizens, public authorities and the private sector.