GDPR
The European Union's GDPR or General Data Protection Regulation, as a regulation applies across the EU including Malta. Hence our ability as a specialist GDPR law firm in Malta to provide highly specialised GDPR compliance services in Malta. Our dedicated GDPR team consists of GDPR lawyers and data security experts crossing legal and tech disciplines to ensure full coverage, advice and implementation of GDPR compliant measures in your business, safeguarding sensitive commercial and personal data and your reputation in the market.
Business Compliance with Malta GDPR Laws
The introduction of the General Data Protection Regulation (Regulation 2016/679/EU), or ‘GDPR’, on 25 May 2018 harmonised the diverging regulation of data protection across the EU which could not keep up with the ever-evolving digital world. From this point on, the traditional trajectory of business would enter a new age – bringing about a number of management and system considerations required to be incorporated as part of the day-to-day running of a business, from day one of its incorporation.
Applicability of the GDPR to Businesses in Malta
Not all processing of data is subject to the GDPR; however, once ‘Personal’ data is involved, the GDPR regime applies across the board to all ‘processing’ activities, as trivial as they may seem. Given that businesses base revenue on sales, marketing and customer interactions, a Maltese business is bound to carry out processing of personal data whether it realises it or not.
Whilst several businesses brought their organisations in line with the text of the GDPR by 25 May 2018, in the interim, regulatory practice has evolved as a result of various EU court judgements, European Data Protection Board (EDPB) guidelines and the local supervisory data protection authority (IDPC) decisions.
Breaking down the GDPR
- Fines up to €20,000,000 or 4% of the firm’s annual revenue turnover, whichever amount is higher.
- Mandatory appointment of Data Protection Officer (DPO) for a number of activities.
- Obligatory Data Breach Notification (DBN) in specific circumstances as prescribed under law.
- Required Data Protection Impact Assessments (DPIAs) when high risk may ensue.
- Data Protection by Design and by Default (DPbD) now obligatory from the start.
- Substantially extended scope and reach of GDPR applicability.
- More onerous requisites for consent as lawful basis.
- Additional data subject rights which may be invoked.
- Increased information detail to be shared with data subjects.
- Data Processors directly responsible at law with Data Controllers.
- Additional stringent requisites in controller-processor agreements.
- Non-exhaustive list of third-country transfer tools and mitigation measures – such as Standard Contractual Clauses (SCCs).
Related Insights
Related Practice Groups
Related Practices
