Skip to main content

GDPR

Is your organisation GDPR compliant?

The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a new single EU law dealing with data protection that is intended to do away with the fragmented system that was previously in place and update laws across the EU that have not kept up with the digital age we live in. On 25 May 2018, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

Mamo TCV GDPR Overview
DP Guidelines & Opinions
Data Protection Laws

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this new law and this, as soon as possible.

Are you ready for DORA? Is it applicable to you?
Find out more on our dedicated DORA section by clicking here

UNDERSTANDING GDPR

GDPR at a glance

  • Fines up to €20,000,000 or 4% of an entity’s total worldwide annual turnover
  • Significantly expanded territorial scope
  • Mandatory data breach notification in certain cases
  • Mandatory appointment of a Data Protection Officer in certain cases
  • Data Processors now also directly responsible at law
  • More stringent consent requirements
  • Increased level of information to be provided to data subjects
  • More stringent requirements in controller-processor contracts
  • Removal of the general notification requirement
  • New data subject rights
Get in Touch

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Key Contacts

Photo of Dr Claude Micallef-Grimaud
Claude Micallef Grimaud
Antoine Camilleri - Mamo TCV Advocates
Antoine Camilleri

Stay updated with our latest insights

Explore Insights
Penetration Testing
DORA

Threat-Led Penetration Testing Regulatory Technical Standards under DORA Take Effect

As of today, 8 July 2025, the Regulatory Technical Standards (RTS) on Threat-Led Penetration Testing (TLPT) are now effective, including in Malta, following their publication in the Official Journal on 18 June 2025. These RTS supplement Article 26 of the Digital Operational Resilience Act (‘DORA’) and lay down a framework for the execution of TLPT. The RTS specify the criteria used for identifying the financial entities which are required to perform threat-led penetration tests and lay down organisational arrangements for financial entities. The RTS also include provisions on risk management and specify criteria for engaging TLPT providers. Moreover, the RTS…
Traffic warning
DORA

DORA ICT Subcontracting RTS Published

Following the European Commission’s earlier rejection, the Regulatory Technical Standards (RTS) on ICT Subcontracting have been published in the EU Official Journal on 2 July 2025. The RTS will enter into force 20 days after publication, which means that they will come into effect on 22 July 2025. Financial entities and ICT providers must ensure to update their contractual arrangements to fulfil the conditions set out in the RTS to ensure compliance by 22 July 2025. To receive updates on this important development and related news please visit our website and consider subscribing to our newsletter. This document does not purport…
Digital Inclusion
Telecoms, Media & Technology

Digital Inclusion: The European Accessibility Act and the Web Accessibility Directive

As the digital economy continues to expand, businesses must ensure that their products and services are accessible to everyone — including persons with disabilities. Two key EU laws are shaping accessibility obligations in Malta: the European Accessibility Act and the Web Accessibility Directive. These legal frameworks place important compliance responsibilities on entities with an online presence, particularly those operating in retail, e-commerce, consumer electronics, financial services, and other industries that rely heavily on websites and mobile applications to serve customers. What is the European Accessibility Act? The European Accessibility Act (Directive (EU) 2019/882) will come into force in Malta on…
Chain
Telecoms, Media & Technology
Malta’s Transposition of the NIS 2 Directive: S.L. 460.41
European Blockchain Sandbox
Telecoms, Media & Technology
European Blockchain Sandbox 3rd Cohort & Best Practices Webinar
Rejected!
DORA
European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting

Subscribe to our newsletter


How can we help you?

Contact us