Data Protection Opinions & Guidelines

Return to GDPR page
Guidelines on Certification and Identifying Certification Criteria - Adopted on 23 January 2019
Guidelines on Codes of Conduct and Monitoring Bodies - Adopted on 12 February 2019
Guidelines on the processing of personal data under Article 6(1)(b) GDPR in the context of provision of online services to data subjects - Adopted on 8 October 2019
Guidelines on the Territorial Scope of the GDPR - Adopted on 12 November 2019
Guidelines on Data Protection by Design and by Default - Adopted on 13 November 2019
Guidelines on Processing Personal Data in the Context of Connected Vehicle and Mobility Related Applications - Adopted on 28 January 2020 (version for public consultation)
Guidelines on Processing of Personal Data through Video Devices - Adopted on 29 January 2020
Guidelines on Derogations for Transfers of Personal Data to Third Countries - Adopted on 25 May 2018
Guidelines on the Accreditation of Certification Bodies - Adopted on 4 December 2018
Guidelines on Binding Corporate Rules for Controllers - Adopted on 6 February 2018
Guidelines on Binding Corporate Rules for Processors - Adopted on 29 November 2017
Guidelines on Adequacy Referential - Adopted on 28 November 2017
Guidelines on Transparency - Last Revised and Adopted on 11 April 2018
Guidelines on Consent - Last Revised and Adopted on 4 May 2020
Guidelines on the Application and Setting of Administrative Fines - Adopted on 3 October 2017
Guidelines on Automated Individual Decision-Making and Profiling - Last Revised and Adopted on 6 February 2018
Guidelines on Personal Data Breach Notification - Last Revised and Adopted on 6 February 2018
Opinion on Data Processing at Work - Adopted on 8 June 2017
Guidelines on Data Protection Impact Assessment (DPIA) - Last Revised and Adopted on 4 October 2017
Guidelines for Identifying a Controller or Processor’s Lead Supervisory Authority - Last Revised and Adopted on 5 April 2017
Guidelines on Data Protection Officers (‘DPOs’) - Last Revised and Adopted on 5 April 2017
Guidelines on the Right to Data Portability - Last Revised and Adopted on 5 April 2017


How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Stay updated with our latest insights

Telecoms, Media & Technology

The EU-US Privacy Shield: Third Time’s a Charm?

In a joint press release issued on 25 March 2022, it was announced that the European Commission and the U.S. Government have agreed on a Trans-Atlantic Data Privacy Framework (the 'Framework') which would succeed the EU-US Privacy Shield (which had, in turn, succeeded the previous 'Safe Harbour' mechanism). This Framework is already being referred to by some as the 'EU-US Privacy Shield 2.0' but it is actually the third attempt at regulating Trans-Atlantic transfers of personal data. The Framework would comply with and relieve uncertainty which has been caused by the decision taken by the CJEU in Data Protection Commissioner…
Claude Micallef-Grimaud

Transfers of Personal Data to Third Countries: A Brief look at the New SCCs

This article was written by​ Dr Michael Camilleri, Dr Warren Ciantar and Dr Claude Micallef-Grimaud. Transferring personal data from one EU Member State to another does not entail any formalities in addition to the basic and established requirements of the EU General Data Protection Regulation (GDPR). The reason for this is because all EU Member States are, by default, deemed to offer an 'adequate level of protection due to the robust and mostly harmonised privacy laws in place. The same can largely be said about countries within the European Economic Area (EEA). Transfers of personal data from the EU to the so-called…
Data Protection and Privacy

Mamo TCV Advocates Publishes 5th Edition of its Popular (and free) ‘Brief Overview of the GDPR’

Mamo TCV Advocates has recently updated its very popular (and free) brief GDPR overview (now in its 5th edition) with easy-to-read information specific to Malta including the local implementation measures. The document can be downloaded for free from Mamo TCV's dedicated GDPR Microsite which is kept regularly updated. At you can find relevant data protection news and articles, all relevant guidelines, links to all the relevant laws and more. Should you need any guidance on any GDPR-related issues, please contact our specialised Data Protection Team at:  Disclaimer This document does not purport to give legal, financial or tax…
Upcoming ‘Digital’ Laws: The Future Is Now
Telecoms, Media & Technology
The EU-US Privacy Shield is No More
Legal Update
Recent Amendments to the Maltese Subsidiary Legislation Regulating the Processing of data in the Insurance Sector

Join our mailing list

Get in touch by sending us a message or by contacting us directly.

How can we help you?