Skip to main content

GDPR

Is your organisation GDPR compliant?

The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a new single EU law dealing with data protection that is intended to do away with the fragmented system that was previously in place and update laws across the EU that have not kept up with the digital age we live in. On 25 May 2018, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this new law and this, as soon as possible.

UNDERSTANDING GDPR

GDPR at a glance

  • Fines up to €20,000,000 or 4% of an entity’s total worldwide annual turnover
  • Significantly expanded territorial scope
  • Mandatory data breach notification in certain cases
  • Mandatory appointment of a Data Protection Officer in certain cases
  • Data Processors now also directly responsible at law
  • More stringent consent requirements
  • Increased level of information to be provided to data subjects
  • More stringent requirements in controller-processor contracts
  • Removal of the general notification requirement
  • New data subject rights

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Key Contacts

Claude Micallef Grimaud
Antoine Camilleri

Stay updated with our latest insights

U.S. President Joe Biden has recently signed an Executive Order implementing the commitments made by the U.S. in the agreement reached with the EU concerning a new EU-U.S. data privacy framework.
Data Protection and Privacy

The New EU-US Personal Data Transfer Framework

The agreement on a new EU-U.S. data privacy framework between EU Commission President Ursula Von Der Leyen and U.S. President Joe Biden had already been announced on 25 March 2022 (for background, please refer to our previous article The EU-US Privacy Shield: Third Time’s a Charm? - Mamo TCV). However, the stability and longevity of the agreement was questioned by Austrian privacy activist Max Schrems who sent an open letter to stakeholders as a warning that the new framework risks being declared invalid, and consequently being struck down by the CJEU, should no reforms to U.S. law take place to…
EU Legislation
Data Protection and Privacy

Deadline for Third Country Personal Data Transfers: EU Standard Contractual Clauses

On 27th June 2021, the European Commission unveiled the new set of EU Standard Contractual Causes (‘SCCs’) that are to be used in instances when personal data are to be transferred from the EU/EEA to a third country. These new SCCs replaced an older version and are now required in those instances where the old SCCs were being relied on, as opposed to other derogations that may be applicable, for any contract involving transfers of personal data to third countries, signed after the 27th September 2021. Meanwhile a transitory ‘grace’ period was granted to any contracts which already incorporated the…
The EU Data Act – Not Another GDPR
Data Protection and Privacy

The EU Data Act – Not Another GDPR

On 23 February 2022, the EU Commission proposed measures regulating the use and access of data, not being ‘personal data’ as understood by the GDPR, within the European Union across all economic sectors. The regulation of the use of data is essential given that data continues to be generated yet underutilised. The draft Regulation is to be read in conjunction with the EU’s Data Governance Act. The aim of the Data Act is to lay down common standards on the re-use of data across sectors. In this manner, the Act operates together with other legislation that has failed to address…
Hacker stealing data
Data Protection and Privacy
Mamo TCV Webinar │ The EU GDPR: Frequently Asked Questions
Data Protection and Privacy
No More USA Social Media in the EU?
News_Shld.jpg
Telecoms, Media & Technology
The EU-US Privacy Shield: Third Time’s a Charm?

Subscribe to our newsletter


How can we help you?