
GDPR

Is your organisation GDPR compliant?

The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a new single EU law dealing with data protection that is intended to do away with the fragmented system that was previously in place and update laws across the EU that have not kept up with the digital age we live in. On 25 May 2018, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this new law as soon as possible.


UNDERSTANDING GDPR

GDPR at a glance

  • Fines up to €20,000,000 or 4% of an entity’s total worldwide annual turnover
  • Significantly expanded territorial scope
  • Mandatory data breach notification in certain cases
  • Mandatory appointment of a Data Protection Officer in certain cases
  • Data Processors now also directly responsible at law
  • More stringent consent requirements
  • Increased level of information to be provided to data subjects
  • More stringent requirements in controller-processor contracts
  • Removal of the general notification requirement
  • New data subject rights

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects, we can provide your organisation with practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Key Contacts

Claude Micallef Grimaud
Antoine Camilleri
