WHAT WE BELIEVE IN
Data Protection Opinions & Guidelines
Return to GDPR pageMaltese Data Protection Guidelines
GDPR-Related Guidelines Published or Endorsed by the European Data Protection Board
Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement – Adopted on 26 April 2023
Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR – Adopted on 14 February 2023
Guidelines 04/2022 on the calculation of administrative fines under the GDPR - Adopted on 12 May 2022
Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them - Adopted on 14 March 2022
Guidelines 01/2021 on Examples regarding Personal Data Breach Notification - Adopted on 14 December 2021
Guidelines 07/2020 on the concepts of controller and processor in the GDPR - Adopted on 07 July 2021
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679 - Adopted on 09 March 2021
Guidelines 01/2020 on processing personal data in the context of connected vehicles and mobility related applications - Adopted on 9 March 2021
Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies - Adopted on 15 December 2020
Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR - Adopted on 15 December 2020
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default - Adopted on 20 October 2020
Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1) - Adopted on 7 July 2020
Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak - Adopted on 21 April 2020
Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak - Adopted on 21 April 2020
Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications - Adopted on 28 January 2020
Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 – Adopted on 4 June 2019
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) – Adopted on 4 June 2019
Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation - version adopted after public consultation – Adopted on 4 June 2019
Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - version adopted after public consultation – Adopted on 12 November 2019
Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects - Adopted on 8 October 2019
Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 - Last Revised and Adopted on 6 February 2018
Guidelines on Personal Data Breach Notification under Regulation 2016/679 - Last Revised and Adopted on 6 February 2018
Guidelines for identifying a controller or processor's lead supervisory authority - Last Revised and Adopted on 5 April 2017
How can we help?
Our Reputation
Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.
GDPR Compliance
Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.
What we Offer
- Comprehensive expert legal advisory services
- Data protection risk assessments
- Training of DPOs and other staff members
- Drafting of layered privacy policies & other notices
- Drafting of data processing agreements & addenda
- Full legal representation in contentious matters and/or IDPC investigations
Stay updated with our latest insights
Malta’s Transposition of the NIS 2 Directive: S.L. 460.41
Following Malta’s Draft Order transposing the EU NIS 2 Directive, which closed for public consultation on 7 October 2024, as an EU Member State, Malta was obliged to transpose EU Directive 2022/2555 (‘NIS 2’) by 17 October 2024. The transposition was finally implemented on 8 April 2025 through Legal Notice 71 of 2025 which creates the Measures for a High Common Level of Cybersecurity across the European Union (Malta) Order, 2025 as Subsidiary Legislation 460.41 (S.L. 460.41). It should however be noted that at time of writing, S.L. 460.41 is not yet in force, though it is expected to come…
European Blockchain Sandbox 3rd Cohort & Best Practices Webinar
The selection process for the third and final cohort of the European Blockchain Sandbox has been completed and the final twenty selected use cases have now been announced. Moreover, the European Blockchain Sandbox will soon be publishing the second cohort’s Best Practices Report which shall contain an overview of the regulatory best practices identified. The Report will be launched during a public webinar to be held on the 29th April 2025 at 14:00 CET, wherein the public is invited to ask any questions they may have regarding the Report. In conjunction, the award for the Most Innovative Regulator for the…
European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting
The European Commission has communicated its rejection of the draft Regulatory Technical Standards (RTS) on subcontracting ICT services supporting critical or important functions supplementing the Digital Operational Resilience Act (DORA). In its communication, the Commission held that the European Supervisory Authorities (ESAs) exceeded their mandate under Article 30(5) of DORA (which came into effect on 17 January 2025) by introducing requirements not specifically linked to the conditions for subcontracting in Article 5 of the RTS. The Commission has made it clear that Article 5 and the related recital 5 of the draft RTS must be omitted from the draft RTS…
Join our mailing list
Get in touch by sending us a message or by contacting us directly.