Understanding Moldova’s New Personal Data Protection Law: Implications for Shopify Merchants
On August 23rd, 2024, the Republic of Moldova took a significant step forward in the protection of personal data with the official publication of Law No. 195/2024 in the Official Gazette. This new legislation, detailed in issues 367-369, Article 574, aims to bolster the fundamental rights and freedoms of individuals, particularly in relation to the processing of their personal information.
For Shopify merchants, understanding the implications of this law is vital, especially as it seeks alignment with European Union standards and the General Data Protection Regulation (GDPR). Here’s what you need to know about the key provisions of Law No. 195/2024 and how they may affect your e-commerce operations in Moldova.
Key Provisions of Law No. 195/2024
1. Guidelines on the Processing of Personal Data:
Law No. 195/2024 outlines specific guidelines that merchants must follow when processing private data. This includes obtaining explicit consent from individuals before their data is used and establishing that data is collected for legitimate, specific, and stated purposes. The guidelines also emphasize data minimization, meaning you should only collect data that is necessary for the specified purposes.
2. Rights for Individuals Concerning Their Personal Data:
Individuals have enhanced rights under the new law, including the right to access their data, request corrections, demand the deletion of their data (right to be forgotten), and restrict processing. As a merchant, you must provide mechanisms that allow buyers to exercise these rights easily and transparently.
3. Duties of Data Operators and Authorized Persons:
As a data operator, you are obligated to protect customer data against unauthorized access, accidental loss, destruction, or damage. This involves implementing appropriate technical and organizational measures. Additionally, the law mandates regular training for personnel handling personal data to secure awareness and compliance with data security standards.
4. Measures to Verify the Security and Confidentiality of Processed Personal Data:
Security measures such as encryption, establishing secure processing environments, and standard security assessments are required to protect personal data. This provision secures that private data is not misused, improperly accessed, or disclosed without authorization.
5. Requirements for Data Protection Impact Assessments (DPIAs):
When processing operations are likely to result in high risks to the rights and freedoms of individuals, conducting a DPIA becomes mandatory. This assessment helps identify and mitigate risks associated with data processing activities.
6. Establishment of the Role and Responsibilities of a Data Protection Officer (DPO):
For businesses involved in important data processing activities, appointing a DPO is required. The DPO's role is to oversee data processing operations, assure compliance with the law, and act as a point of contact for regulatory authorities and individuals whose data is being processed.
7. Procedures for Transferring Data to Other States or International Organizations:
The law sets forth strict procedures for international data transfer, safeguarding that sensitive information is only transferred to countries or international organizations that provide an adequate level of safeguarding data.
8. Regulations Governing the Organization and Operation of the NCPDP:
These regulations define the structure, roles, and responsibilities of the National Center for the Protection of Personal Data (NCPDP), enhancing its capability to oversee and enforce data protection laws effectively.
9. Process for Submitting and Handling Complaints:
Individuals can lodge complaints with the NCPDP if they believe their data has been processed in a non-compliant manner. The law outlines the procedure for handling these complaints, certifying a fair and transparent process.
10. Financial Penalties for Operators that Violate the Law:
Major financial penalties serve as a deterrent against non-compliance, emphasizing the importance of adhering to established data security standards.
What Law No. 195/2024 Means for E-commerce Businesses
As Law No. 195/2024 is set to take effect two years after its publication, businesses should use this preparatory period to thoroughly assess and refine their data handling and privacy protocols to verify they meet compliance standards upon enforcement.
Online businesses operating in or marketing to customers in Moldova must pay special attention to the law's emphasis on greater transparency and user empowerment regarding their personal information. This involves transparently communicating the processes of data collection, processing, and storage to customers.
Introducing Consentmo: The Go-to App for Compliance
To aid in compliance with Law No. 195/2024, consider integrating tools like Consentmo into your Shopify store. Consentmo can help manage customer consents more effectively, guaranteeing that they are logged and stored in compliance with the new regulations. Our app will help you meet the stringent requirements around documenting consent, providing an easy solution to a potentially complex compliance requirement.
Conclusion
For Shopify merchants, the introduction of Law No. 195/2024 in Moldova presents a substantial update to privacy management practices. By understanding these changes and preparing in advance, you can verify that your business not only complies with the new law but also provides a safe and trustworthy environment for your clients.
As we move towards a more data-conscious world, staying informed and adaptable is key. Law No. 195/2024 is not just a regulatory challenge but an opportunity to enhance the trust and loyalty of your users by safeguarding their personal data.
.png)
%20.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
_046c3ef873.png)
%20-%20Copy.png)
.svg)
