Skip to main content

GDPR

Is your organisation GDPR compliant?

The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a new single EU law dealing with data protection that is intended to do away with the fragmented system that was previously in place and update laws across the EU that have not kept up with the digital age we live in. On 25 May 2018, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this new law and this, as soon as possible.

Are you ready for DORA? Is it applicable to you?
Find out more on our dedicated DORA section by clicking here

UNDERSTANDING GDPR

GDPR at a glance

  • Fines up to €20,000,000 or 4% of an entity’s total worldwide annual turnover
  • Significantly expanded territorial scope
  • Mandatory data breach notification in certain cases
  • Mandatory appointment of a Data Protection Officer in certain cases
  • Data Processors now also directly responsible at law
  • More stringent consent requirements
  • Increased level of information to be provided to data subjects
  • More stringent requirements in controller-processor contracts
  • Removal of the general notification requirement
  • New data subject rights

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Key Contacts

Claude Micallef Grimaud
Antoine Camilleri

Stay updated with our latest insights

The EU AI Act
Telecoms, Media & Technology

The EU AI Act: A General Overview

This article is part of our EU AI Act series which explores the effect of the AI Act across various industries and sectors.  Overview & Applicability Timeline The Artificial Intelligence Act (“AI Act” or “Regulation”), officially Regulation (EU) 2024/1689, is a groundbreaking legislative framework designed to address the benefits and risks of AI technologies. Since AI is becoming ubiquitously integrated into various industries, the AI Act aims to ensure that these technologies are deployed safely, ethically, and transparently by establishing rules for AI Systems throughout the European Union (“EU”). The AI Act entered into force across the EU, including Malta,…
Key representing digital resilience
DORA

Status of DORA Regulatory Technical Standards (“RTS”)

Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector ( “DORA”) establishes the EU legislative framework for enhancing digital resilience within the EU’s financial industry. Enforcement commences on 17th January 2025 and the EU Commission is tasked with issuing Regulatory Technical Standards (“RTS”) which supplement DORA. The EU Commission publishes the RTS in the Official Journal as Commission Delegated Regulations, but they are largely based on the input of the European Supervisory Authorities (“ESA”) which comprise of ESMA, EBA and EIOPA. The draft RTS submitted to the European…
Security Sign
DORA

Malta’s Draft Order Transposing the EU NIS 2 Directive Now Open for Public Consultation

The Ministry for Home Affairs, Security and Employment (MHSE) published the proposed Maltese draft order for the transposition of the EU Network and Information Systems Directive II (‘NIS 2’) on 6 September 2024. The draft order, titled ‘Measures For A High Common Level Of Cybersecurity Across The European Union (Malta) Order, 2024’ (the ‘Draft Order’) is currently open for public consultation until 7 October, seeking input for the effective implementation of the NIS 2 Directive in Malta, which must be transposed in national law by 17 October 2024. The Draft Order implements the NIS 2 Directive which significantly expands upon…
Pier on Seashore in Malta
Data Protection and Privacy
DORA: An Overview of the Maltese Legal Provisions
Mamo TCV Advocates - DORA Services
Banking & Finance
Are you ready for DORA?
DSA Update: Maltese Implementing Law, Including New Registration Obligations, Now in Effect
Telecoms, Media & Technology
DSA Update: Maltese Implementing Law, Including New Registration Obligations, Now in Effect

Subscribe to our newsletter


How can we help you?