Skip to main content

Data Protection Opinions & Guidelines

Return to GDPR page

Maltese Data Protection Guidelines

Guidelines on the Collection of Employees’ COVID-19 Vaccination Status
Guidelines for the Maltese Banking Industry
Guidelines for the Maltese Gaming Industry
Guidelines for Credit Referencing Institutions
Guidelines for Political Campaigning Purposes
Guidance Note on Cookies Consent Requirements
Guidelines on Street Photography

GDPR-Related Guidelines Published or Endorsed by the European Data Protection Board

Guidelines 05/2022 on the use of facial recognition technology in the area of law enforcement – Adopted on 26 April 2023
Guidelines 01/2022 on data subject rights - Right of access – Adopted 28 March 2023
Guidelines 9/2022 on personal data breach notification under GDPR – Adopted 28 March 2023
Guidelines 05/2021 on the Interplay between the application of Article 3 and the provisions on international transfers as per Chapter V of the GDPR – Adopted on 14 February 2023
Guidelines 07/2022 on certification as a tool for transfers - Adopted on 14 February 2023
Guidelines 04/2022 on the calculation of administrative fines under the GDPR - Adopted on 12 May 2022
Guidelines 06/2022 on the practical implementation of amicable settlements - Adopted on 12 May 2022
Guidelines 3/2022 on Dark patterns in social media platform interfaces: How to recognise and avoid them - Adopted on 14 March 2022
Guidelines 02/2022 on the application of Article 60 GDPR - Adopted on 14 March 2022
Guidelines 04/2021 on Codes of Conduct as tools for transfers - Adopted on 22 February 2022
Guidelines 01/2021 on Examples regarding Personal Data Breach Notification - Adopted on 14 December 2021
Guidelines 10/2020 on restrictions under Article 23 GDPR - Adopted on 13 October 2021
Guidelines 07/2020 on the concepts of controller and processor in the GDPR - Adopted on 07 July 2021
Guidelines 02/2021 on virtual voice assistants - Adopted on 7 July 2021
Guidelines 8/2020 on the targeting of social media users - Adopted on 13 April 2021
Guidelines 03/2021 on the application of Article 65(1)(a) GDPR - Adopted on 13 April 2021
Guidelines 09/2020 on relevant and reasoned objection under Regulation 2016/679 - Adopted on 09 March 2021
Guidelines 01/2020 on processing personal data in the context of connected vehicles and mobility related applications - Adopted on 9 March 2021
Guidelines 01/2021 on Examples regarding Data Breach Notification - Adopted on 14 January 2021
Guidelines 2/2020 on articles 46 (2) (a) and 46 (3) (b) of Regulation 2016/679 for transfers of personal data between EEA and non-EEA public authorities and bodies - Adopted on 15 December 2020
Guidelines 06/2020 on the interplay of the Second Payment Services Directive and the GDPR - Adopted on 15 December 2020
Guidelines 4/2019 on Article 25 Data Protection by Design and by Default - Adopted on 20 October 2020
Guidelines 5/2019 on the criteria of the Right to be Forgotten in the search engines cases under the GDPR (part 1) - Adopted on 7 July 2020
Guidelines 05/2020 on consent under Regulation 2016/679 - Adopted on 4 May 2020
Guidelines 04/2020 on the use of location data and contact tracing tools in the context of the COVID-19 outbreak - Adopted on 21 April 2020
Guidelines 03/2020 on the processing of data concerning health for the purpose of scientific research in the context of the COVID-19 outbreak - Adopted on 21 April 2020
Guidelines 3/2019 on processing of personal data through video devices - Adopted on 29 January 2020
Guidelines 1/2020 on processing personal data in the context of connected vehicles and mobility related applications - Adopted on 28 January 2020
Guidelines 1/2019 on Codes of Conduct and Monitoring Bodies under Regulation 2016/679 – Adopted on 4 June 2019
Guidelines 4/2018 on the accreditation of certification bodies under Article 43 of the General Data Protection Regulation (2016/679) – Adopted on 4 June 2019
Guidelines 1/2018 on certification and identifying certification criteria in accordance with Articles 42 and 43 of the Regulation - version adopted after public consultation – Adopted on 4 June 2019
Guidelines 3/2018 on the territorial scope of the GDPR (Article 3) - version adopted after public consultation – Adopted on 12 November 2019
Guidelines 2/2019 on the processing of personal data under Article 6(1)(b) GDPR in the context of the provision of online services to data subjects - Adopted on 8 October 2019
Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679 - Adopted on 25 May 2018
Guidelines 2/2018 on derogations of Article 49 under Regulation 2016/679 - Adopted on 25 May 2018
Guidelines on Transparency - Last Revised and Adopted on 11 April 2018
Guidelines on Automated individual decision-making and Profiling for the purposes of Regulation 2016/679 - Last Revised and Adopted on 6 February 2018
Guidelines on Personal Data Breach Notification under Regulation 2016/679 - Last Revised and Adopted on 6 February 2018
Guidelines for identifying a controller or processor's lead supervisory authority - Last Revised and Adopted on 5 April 2017
Guidelines on the Right to Data Portability - Last Revised and adopted on 5 April 2017
Guidelines on Data Protection Officers ('DPOs') - Last Revised and Adopted on 5 April 2017

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Stay updated with our latest insights

DSA Update: Maltese Implementing Law, Including New Registration Obligations, Now in Effect
Telecoms, Media & Technology

DSA Update: Maltese Implementing Law, Including New Registration Obligations, Now in Effect

The EU Digital Services Act (Regulation (EU) 2022/2065) (the “DSA”) has been implemented into Maltese law by virtue of the Digital Services (Designation and Enforcement) Order, Subsidiary Legislation 418.05, (the “Order”) which came into force on 12th March 2024. The Order designates the Malta Communications Authority (“MCA”) as the Digital Services Coordinator for Malta. This role, created by the DSA, tasks the MCA with ensuring that intermediary service providers established in Malta comply with their obligations under the DSA. This entails handling any complaints received by users and acting as the point of contact between service providers and users. Furthermore,…
Telecoms, Media & Technology

Full Implementation of Digital Services Act Imminent

The EU Digital Services Act (‘DSA’), formally titled as the ‘Regulation (EU) 2022/2065 of the European Parliament and of the Council of 19 October 2022 on a Single Market For Digital Services and amending Directive 2000/31/EC’ is intended to overhaul the outdated framework that previously regulated online intermediaries such as auction sites, social networks, ISPs and platforms which allow for the sharing of content over the Internet. The DSA contains sets of obligations which increase in severity in proportion to the size, role and impact of the online intermediary. Therefore, so-called ‘very large online platforms’ (‘VLOPs’) and ‘very large online…
Mamo TCV Advocates: New Data Protection Law Relating to Third Party rights
Data Protection and Privacy

New Law enables Third Parties to a Contract to benefit from Data Protection Rights

A recently published Legal Notice (204 of 2023) has created the “Enforcement of the Rights of Data Subjects in relation to Transfers of Personal Data to a Third Country or an International Organisation Regulations” (Subsidiary Legislation 586.12). This marks the first time that an entirely new subsidiary law has been enacted under the auspices of the Data Protection Act (Chapter 586 of the laws of Malta), since June 2018, shortly after the coming into force of the GDPR. S.L. 586.12 resolves a long-standing lacuna in the field of Maltese data protection law. The scope and purpose of this new law…
The European Data Protection Board has issued its Opinion on the European Commission’s Draft Adequacy Decision which constitutes a new framework for transatlantic transfers of personal data.
Data Protection and Privacy
The EDPB Issues Opinion on the New EU-U.S. Data Privacy Framework
Digital Services Act Deadline: By 17 February 2023, Online Platform Providers were Required to Publish Average Monthly Active Recipients
Telecoms, Media & Technology
Digital Services Act Deadline for Online Platform Providers
U.S. President Joe Biden has recently signed an Executive Order implementing the commitments made by the U.S. in the agreement reached with the EU concerning a new EU-U.S. data privacy framework.
Data Protection and Privacy
The New EU-US Personal Data Transfer Framework

Join our mailing list

Get in touch by sending us a message or by contacting us directly.


How can we help you?