Skip to main content

Data Protection and Privacy

Data Protection and Privacy

Visit our GDPR Microsite
Practice Area Overview

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

In November 2017, Mamo TCV organised Malta’s largest conference on data protection with the goal of educating the general public on the implications of the incoming GDPR.

What is the GDPR? The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a single EU law dealing with data protection that intended to do away with the fragmented system that was previously in place and update laws across the EU that had not kept up with the digital age we live in.

On 25 May 2018, the GDPR came into effect across the EU (including Malta) and repealed and replaced the previous Data Protection Directive and the domestic laws implementing it. On this day, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect in Malta. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

With fines as high as €20,000,000 or 4% of an entity’s total worldwide annual turnover, the GDPR introduced a number of rights for data subjects but also a number of obligations that directly impact Maltese and international data controllers and data processors.

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this far-reaching law and this, as a matter of urgency.

Over the past years Mamo TCV has carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now regularly assisting clients with their various data protection obligations at law.

For more information, please visit our GDPR page here where, among other things, you can download our popular (and free) GDPR Guidelines.

Get In Touch
Visit our GDPR Microsite
Scope of Services
  • Data Protection compliance, including full GDPR due diligence
  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting and vetting of layered privacy policies & other notices/documents
  • Drafting and vetting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations
  • Expedited legal services in case of data breaches.

Key Contacts

Claude Micallef-Grimaud - Mamo TCV Advocates
Claude Micallef-Grimaud

Stay updated with our latest insights

Explore Insights
Artificial Intelligence
Data Protection and Privacy

Mamo TCV attends IDPC FRIA Workshop

Senior Associate Dr Warren Ciantar and Associate Dr Nicole Bonett attended the Fundamental Rights Impact Assessment Workshop organized by the Office of the Information and Data Protection Commissioner at the Trident Park Conference Hall held on 23rd October 2025. The workshop included an explanation of a methodology for carrying out a fundamental rights impact assessment (‘FRIA’) in terms of the AI Act by Professor Alessandro Mantelero, Associate Professor of Private Law and Law & Technology at the Polytechnic University of Turin. This was followed by a workshop where participants had the opportunity to apply the FRIA methodology to AI use-cases. For more information…
Mamo TCV Advocates: New Data Protection Law Relating to Third Party rights
Data Protection and Privacy

The EU Data Act: Malta’s Competent Authorities

Regulation (EU) 2023/2854 (the “Data Act”) entered into force on 11 January 2024, with its provisions becoming applicable to Member States from 12 September 2025. The Data Act’s enforcement framework calls for Member States to designate one or more competent authorities to enforce the Data Act. If multiple authorities are designated, a data coordinator should also be appointed. In Malta, by virtue of Legal Notice 222 of 2025, the Fair Access to and Use of Data Regulations were promulgated to designate the Malta Digital Innovation Authority (MDIA), as the competent authority for the application and enforcement of all Data Act…
AI Act’s Impact on Businesses Operating Within the EU
Data Protection and Privacy

AI Laws of the World: Mamo TCV Contributes to the First Edition of DLA Piper’s Comparative Guide

DLA Piper’s recently published ‘AI Laws of the World’ guide provides a 2025 Q3 snapshot of AI laws and proposed regulations across more than 40 countries (including all 27 EU Member States), highlighting key legislative developments, regulations, proposed bills, and guidelines issued by governmental bodies. The guide also includes a contribution made by Mamo TCV Advocates which illustrates the legal position in Malta. The guide underscores significant geographical variation in regulatory approaches and attitudes, yet also reveals numerous common concerns, with lawmakers and AI-focused organisations worldwide adopting and exchanging a variety of strategies. Whilst some jurisdictions have established their own…
Malta's AI Act
Data Protection and Privacy
Malta’s AI Act Authority Designations
Pier on Seashore in Malta
Data Protection and Privacy
DORA: An Overview of the Maltese Legal Provisions
Mamo TCV Advocates: New Data Protection Law Relating to Third Party rights
Data Protection and Privacy
New Law enables Third Parties to a Contract to benefit from Data Protection Rights