Carolina Bugaian, European Business Association Moldova President, Moldcell CEO participated at the “Implementation of the Legal Framework on Data Protection: Challenges, Benefits, Resilience” Event.
European Business Association Moldova has been participating actively in the drafting of GDPR law. The 1st practical seminar was organized back in 2019. The story of GDPR law approval was very cumbersome and long, but finally we have the law 195 in place.
In her speech, Mrs. Carolina Bugaian mentioned that the most difficult part is that the law will come to force in less than 8 months and the secondary legislation is still to come.
The issues faced by EBA members that represent banks, telecoms, insurers, healthcare, big retail, platforms tackle transfer and outsourcing risk (cloud, group systems, processors): regulated sectors run heavily on vendors and regional infrastructure; transfer documentation + processor governance becomes a board-level risk.
Breach reporting and crisis management maturity: the 72-hour notification standard forces investments in monitoring, playbooks, and decision logs.
Data subject rights at scale: setting up reliable intake/verification, search, and response processes across many databases—especially where legacy systems exist—becomes costly and reputationally sensitive (and higher-tier fines apply to rights breaches).
DPO availability, capability and independence: regulated sectors often must appoint a DPO and support the function with resources and access; the market for experienced DPOs is typically tight.
High-risk processing governance (DPIAs + prior consultation where needed): anything like large-scale monitoring, sensitive data, or profiling requires stronger upfront controls and documentation.
Financial exposure and enforcement mechanics: Law 195 sets fines up to MDL 1,000,000 / 1% for certain obligations and up to MDL 2,000,000 / 2% for core principles/rights/transfers, whichever is higher.
The biggest compliance risk isn’t “having a policy”; it’s gaps between policy and reality (unknown shadow systems, uncontrolled exports, untracked vendors, inconsistent retention, etc.).
As EBA we will continue to engage in practical level support to help out members to meet data protection and processing obligations in practice with practical guidance + templates (RoPA, DPIA, breach notification pack, controller–processor clauses, DSAR workflows).
The law explicitly anticipates tools like codes of conduct tailored to sectors and SME needs.