GDPR

Is your organisation GDPR compliant?

The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a new single EU law dealing with data protection that is intended to do away with the fragmented system that was previously in place and update laws across the EU that have not kept up with the digital age we live in. On 25 May 2018, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this new law as soon as possible.

UNDERSTANDING GDPR

GDPR at a glance

  • Fines up to €20,000,000 or 4% of an entity’s total worldwide annual turnover
  • Significantly expanded territorial scope
  • Mandatory data breach notification in certain cases
  • Mandatory appointment of a Data Protection Officer in certain cases
  • Data Processors now also directly responsible at law
  • More stringent consent requirements
  • Increased level of information to be provided to data subjects
  • More stringent requirements in controller-processor contracts
  • Removal of the general notification requirement
  • New data subject rights

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects, we can provide your organisation with practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Key Contacts

Antoine Camilleri
Claude Micallef Grimaud

Stay updated with our latest insights

Data Protection and Privacy

No More USA Social Media in the EU?

It has been reported by various news outlets that Ireland’s Data Protection Commission (DPC) has prepared a draft decision which may well lead to the end of EU-US data transfers. This draft decision is a consequence of the concerns which have been raised by USA surveillance laws and practices and comes in the wake of the invalidation of the EU-US Privacy Shield by the Court of Justice of the EU a few years ago. The draft decision has been shared with other EU data protection supervisory authorities and a period of one month has been allocated for their input before…
Telecoms, Media & Technology

The EU-US Privacy Shield: Third Time’s a Charm?

In a joint press release issued on 25 March 2022, it was announced that the European Commission and the U.S. Government have agreed on a Trans-Atlantic Data Privacy Framework (the 'Framework') which would succeed the EU-US Privacy Shield (which had, in turn, succeeded the previous 'Safe Harbour' mechanism). This Framework is already being referred to by some as the 'EU-US Privacy Shield 2.0' but it is actually the third attempt at regulating Trans-Atlantic transfers of personal data. The Framework would comply with and relieve uncertainty which has been caused by the decision taken by the CJEU in Data Protection Commissioner…
Claude Micallef-Grimaud

Transfers of Personal Data to Third Countries: A Brief look at the New SCCs

This article was written by Dr Michael Camilleri, Dr Warren Ciantar and Dr Claude Micallef-Grimaud. Transferring personal data from one EU Member State to another does not entail any formalities in addition to the basic and established requirements of the EU General Data Protection Regulation (GDPR). The reason for this is that all EU Member States are, by default, deemed to offer an 'adequate level of protection' due to the robust and mostly harmonised privacy laws in place. The same can largely be said about countries within the European Economic Area (EEA). Transfers of personal data from the EU to the so-called…
Data Protection and Privacy
Mamo TCV Advocates Publishes 5th Edition of its Popular (and free) ‘Brief Overview of the GDPR’
News
Upcoming ‘Digital’ Laws: The Future Is Now
Telecoms, Media & Technology
The EU-US Privacy Shield is No More
