Skip to main content

GDPR

Is your organisation GDPR compliant?

The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a new single EU law dealing with data protection that is intended to do away with the fragmented system that was previously in place and update laws across the EU that have not kept up with the digital age we live in. On 25 May 2018, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this new law and this, as soon as possible.

UNDERSTANDING GDPR

GDPR at a glance

  • Fines up to €20,000,000 or 4% of an entity’s total worldwide annual turnover
  • Significantly expanded territorial scope
  • Mandatory data breach notification in certain cases
  • Mandatory appointment of a Data Protection Officer in certain cases
  • Data Processors now also directly responsible at law
  • More stringent consent requirements
  • Increased level of information to be provided to data subjects
  • More stringent requirements in controller-processor contracts
  • Removal of the general notification requirement
  • New data subject rights

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Key Contacts

Claude Micallef Grimaud
Antoine Camilleri

Stay updated with our latest insights

Telecoms, Media & Technology

Full Implementation of Digital Services Act Imminent

The EU Digital Services Act (‘DSA’), formally titled as the ‘Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC’ is intended to overhaul the outdated framework that previously regulated online intermediaries such as auction sites, social networks, ISPs and platforms which allow for the sharing of content over the Internet. The DSA contains sets of obligations which increase in severity in proportion to the size, role and impact of the online intermediary. Therefore, so-called ‘very large online platforms’ (‘VLOPs’) and ‘very large online…
Mamo TCV Advocates: New Data Protection Law Relating to Third Party rights
Data Protection and Privacy

New Law enables Third Parties to a Contract to benefit from Data Protection Rights

A recently published Legal Notice (204 of 2023) has created the “Enforcement of the Rights of Data Subjects in relation to Transfers of Personal Data to a Third Country or an International Organisation Regulations” (Subsidiary Legislation 586.12). This marks the first time that an entirely new subsidiary law has been enacted under the auspices of the Data Protection Act (Chapter 586 of the laws of Malta), since June 2018, shortly after the coming into force of the GDPR. S.L. 586.12 resolves a long-standing lacuna in the field of Maltese data protection law. The scope and purpose of this new law…
The European Data Protection Board has issued its Opinion on the European Commission’s Draft Adequacy Decision which constitutes a new framework for transatlantic transfers of personal data.
Data Protection and Privacy

The EDPB Issues Opinion on the New EU-U.S. Data Privacy Framework

On the 28th of February 2023, the European Data Protection Board (hereinafter referred to as the “EDPB”) issued its Opinion on the European Commission’s draft adequacy decision regarding the EU-U.S. Data Privacy Framework. Whilst acknowledging the significant improvements made to the Data Privacy Framework such as the improved new redress mechanism under the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, the EDPB’s opinion also highlighted some issues of concern which had previously been raised so as to ensure that the new adequacy decision will be long-lasting. The principal issues of concern specifically relate to the data…
Digital Services Act Deadline: By 17 February 2023, Online Platform Providers were Required to Publish Average Monthly Active Recipients
Telecoms, Media & Technology
Digital Services Act Deadline for Online Platform Providers
U.S. President Joe Biden has recently signed an Executive Order implementing the commitments made by the U.S. in the agreement reached with the EU concerning a new EU-U.S. data privacy framework.
Data Protection and Privacy
The New EU-US Personal Data Transfer Framework
EU Legislation
Data Protection and Privacy
Deadline for Third Country Personal Data Transfers: EU Standard Contractual Clauses

Subscribe to our newsletter


How can we help you?