GDPR

Is your organisation GDPR compliant?

The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a new single EU law dealing with data protection that is intended to do away with the fragmented system that was previously in place and update laws across the EU that have not kept up with the digital age we live in. On 25 May 2018, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

Mamo TCV GDPR Overview
DP Guidelines & Opinions
Data Protection Laws

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this new law and this, as soon as possible.

Are you ready for DORA? Is it applicable to you?
Find out more on our dedicated DORA section by clicking here

UNDERSTANDING GDPR

GDPR at a glance

  • Fines up to €20,000,000 or 4% of an entity’s total worldwide annual turnover
  • Significantly expanded territorial scope
  • Mandatory data breach notification in certain cases
  • Mandatory appointment of a Data Protection Officer in certain cases
  • Data Processors now also directly responsible at law
  • More stringent consent requirements
  • Increased level of information to be provided to data subjects
  • More stringent requirements in controller-processor contracts
  • Removal of the general notification requirement
  • New data subject rights
Get in Touch

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Key Contacts

Photo of Dr Claude Micallef-Grimaud
Claude Micallef Grimaud
Antoine Camilleri - Mamo TCV Advocates
Antoine Camilleri

Stay updated with our latest insights

Explore Insights
DORA

Reminder: DORA Register of Information Submission Deadline Approaching

Further to the Malta Financial Services Authority’s (‘MFSA’) circular setting out the reporting timelines applicable to the annual submission of the Register of Information (‘ROI’) under Regulation (EU) 2022/2554 on Digital Operational Resilience for the Financial Sector (‘DORA’), the submission deadline is now approaching. Financial entities authorised by the MFSA and falling within the scope of DORA are required to submit their updated ROI by 21 March 2026 or the next working day. The ROI must reflect the entity’s contractual arrangements with ICT third-party service providers as at 31 December 2025 and must be submitted via the MFSA’s  LH Portal.…
The EU AI Act
DORA

European Commission Proposes Updated EU Cybersecurity Act (The Cybersecurity Act 2)

On 20 January 2026, the Proposal for a Regulation for the EU Cybersecurity Act (‘The Cybersecurity Act 2’) was published by the European Commission to update and replace Regulation (EU) 2019/881 (the “2019 Cybersecurity Act”). The Proposal was introduced in response to major changes in cybersecurity threats as well as the weaknesses identified in the 2019 Cybersecurity Act. Since the adoption of the 2019 Cybersecurity Act, cyberattacks have become more frequent and sophisticated, increasingly targeting critical infrastructures, essential services and digital supply chains. At the same time, growing geopolitical tensions and the EU’s reliance on technologies from third countries have…
DORA

NIS 2 and Critical Entities Resilience Framework Enter into Force in Malta

Two long-awaited Legal Notices published on Friday, 23rd January 2026 have brought into force key elements of Malta’s cybersecurity and resilience framework, implementing two recent EU legislative developments. Entry Into Force of the NIS 2 Directive Legal Notice 22 of 2026 brought Subsidiary Legislation 460.41, the Measures for a High Common Level of Cybersecurity Across the European Union (Malta) Order, into force on Friday, 23rd January 2026. This Subsidiary Legislation transposes the EU Network and Information Systems Directive II (more commonly known as ‘NIS 2’) into Maltese law and is brought into force as already previously published without substantial substantive…
DORA reporting timelines
DORA
DORA: Register of Information Reporting Timelines for 2026 and Beyond
Artificial Intelligence
Data Protection and Privacy
Mamo TCV attends IDPC FRIA Workshop
Mamo TCV Advocates: New Data Protection Law Relating to Third Party rights
Data Protection and Privacy
The EU Data Act: Malta’s Competent Authorities

Subscribe to our newsletter


How can we help you?

Contact us