Personal Data Operator Registration in Moldova
Every company in Moldova that processes personal data has compliance obligations under Moldovan law — from employee records and client databases to website analytics and payroll. BULR handles personal data operator registration in Moldova, internal policy preparation, and readiness for the incoming Law No. 195/2024.
BULR is a private legal and business advisory firm. We do not represent any government authority or issue official government documents.
Data protection compliance in Moldova — what applies to you
Personal data protection in Moldova is currently governed by Law No. 133/2011 and supervised by the National Centre for Personal Data Protection (CNPDCP). Any company that processes personal data — collects, stores, uses, or transfers information about identifiable individuals — operates as a personal data operator and carries obligations under this law.
On 23 August 2024, Moldova adopted Law No. 195/2024, which partially transposes the EU GDPR into Moldovan law. It enters into force in August 2026, replacing Law No. 133/2011. Companies that address their data protection obligations now — under the current law — are also building the foundation for a cleaner transition to the incoming framework. BULR advises on both.
Getting your data protection in order
Four stages, from initial assessment to full compliance — and a brief on what changes in August 2026.
Data mapping & Compliance Review
We assess your business: what personal data you collect, on what legal basis, for what purposes, and whether your current arrangements comply with Law No. 133/2011. This assessment drives everything — scope, documentation, and timeline.
Internal Policies & Documentation
We prepare the complete package of internal data protection documentation — privacy policy, consent forms, data processing records, and data subject rights procedures. Nothing templated for another business.
CNPDCP Submission
Where your processing requires notification to the CNPDCP under applicable rules, we prepare and submit the documentation on your behalf and confirm completion.
Law 195/2024 Readiness
We brief you on what Law No. 195/2024 requires from August 2026 — what changes, what carries over, and what needs updating. Companies that prepare in advance avoid a compliance scramble at transition.
We Work With
the Best
Free consultation — let's start today
Data protection compliance for every business type
The obligation to register as a personal data operator and maintain compliant processing practices applies regardless of company size, industry, or ownership structure. We work with businesses at every stage.
Newly registered companies
personal data operator registration handled as part of the post-registration setup, alongside VAT and accounting.
Existing businesses with gaps
companies that have been processing personal data without formal compliance documentation in place.
IT companies and IT Park residents
where data processing is central to the business model and GDPR-aligned compliance matters to international clients and partners.
Foreign-owned companies
where parent company GDPR obligations require the Moldovan entity to meet equivalent local standards.
What you get when you choose right
Assessed, Not Assumed
We assess what applies to your business specifically. Data protection compliance is a set of ongoing obligations — not a one-time filing that applies generically to every company.
One Firm for Company and Compliance
Personal data operator registration handled by the same firm managing your company registration and legal work. No coordinating between separate providers.
Ahead of August 2026
Law No. 195/2024 enters into force in August 2026. Companies that act now build the compliance foundation before the deadline — not under pressure after it.
Tailored Documentation
Every document reflects your business — your data flows, your consent mechanisms, your employee arrangements. Nothing adapted from a template.
What people ask before they engage
Does my company need to register as a personal data operator in Moldova?
Under Law No. 133/2011, any company that processes personal data — stores employee records, maintains client databases, uses website analytics, or handles payroll data — operates as a personal data operator and has compliance obligations. These include maintaining a privacy policy, ensuring a lawful basis for processing, and respecting data subjects' rights. Whether formal notification to the CNPDCP is required depends on the nature and scope of your processing activities. We assess your specific situation before advising on what is required.
What is Law No. 195/2024 and how does it affect my business?
Law No. 195/2024 was adopted on 23 August 2024 and enters into force 24 months after publication — in August 2026. It partially transposes the EU GDPR into Moldovan law, introducing stronger data subject rights, clearer obligations for controllers and processors, and updated supervisory powers for the CNPDCP. Until it enters into force, Law No. 133/2011 remains applicable. Companies should begin preparing for the transition now rather than at the enforcement deadline.
What is the CNPDCP and what does it do?
The CNPDCP (National Centre for Personal Data Protection) is the supervisory authority responsible for overseeing compliance with Moldovan data protection law. It can investigate complaints, conduct audits, and impose sanctions on companies that fail to meet their obligations. From August 2026, its powers will be updated under Law No. 195/2024 to align with the GDPR supervisory model.
Which companies are affected by data protection obligations in Moldova?
Virtually every company operating in Moldova — any business that employs staff, maintains client records, operates a website with analytics, or processes payment data has obligations under Law No. 133/2011. The scope of required documentation and any notification obligations depends on the volume and sensitivity of the data processed. We assess your specific situation before advising on what is required.