On 29 November 2016, the Moldovan Parliament announced amendments to the draft law on the functioning of the National Centre for Personal Data Protection (the "Draft Law") which will amend the Act No 133/2011 on personal data protection.

The Draft Law will:

  • introduce new definitions relating to the protection of personal data, including broadening the definition of personal data to include biometric data and other factors specific to the physical, psychological, mental, economic or social wellbeing of an individual. This is a clear diversion from the GDPR definition;

  • strengthen the role of the National Centre for Personal Data Protection ("NCPDP") as a regulator by widening its powers, including the ability to apply fines up to a maximum of MDL 5,000,000 at its discretion and without recourse to a court; and

  • place obligations on data controllers and data processors to ensure that any data processing operations taking place outside of Moldova is carried out in accordance with national laws.

The Draft Law is interesting as in some part it signifies a move away from the approach taken by the GDPR, in particular in relation to the definition of personal data, an approach contrary to that taken by many other non-EU countries which have sought to align themselves with the EU.

The second hearing of the Draft Law was, at the time of writing, being heard by the Parliament.

A press release about the Draft Law is available here (Moldovan).