The European Union's General Data Protection Regulation (GDPR), as a regulation, applies across the EU, including Malta. As a specialist GDPR law firm in Malta, we are therefore able to provide highly specialised GDPR compliance services in Malta. Our dedicated GDPR team consists of GDPR lawyers and data security experts crossing legal and tech disciplines to ensure full coverage, advice and implementation of GDPR compliant measures in your business, safeguarding sensitive commercial and personal data and your reputation in the market.
Business Compliance with Malta GDPR Laws
The introduction of the General Data Protection Regulation (Regulation 2016/679/EU), or ‘GDPR’, on 25 May 2018 harmonised the diverging regulation of data protection across the EU which could not keep up with the ever-evolving digital world. From this point on, the traditional trajectory of business would enter a new age – bringing about a number of management and system considerations required to be incorporated as part of the day-to-day running of a business, from day one of its incorporation.
Applicability of the GDPR to Businesses in Malta
Not all processing of data is subject to the GDPR; however, once ‘Personal’ data is involved, the GDPR regime applies across the board to all ‘processing’ activities, as trivial as they may seem. Given that businesses base revenue on sales, marketing and customer interactions, a Maltese business is bound to carry out processing of personal data whether it realises it or not.
Whilst several businesses brought their organisations in line with the text of the GDPR by 25 May 2018, regulatory practice has evolved in the interim as a result of various EU court judgements, European Data Protection Board (EDPB) guidelines and decisions of the local supervisory data protection authority (IDPC).
Breaking down the GDPR
- Fines up to €20,000,000 or 4% of the firm’s annual revenue turnover, whichever amount is higher.
- Mandatory appointment of Data Protection Officer (DPO) for a number of activities.
- Obligatory Data Breach Notification (DBN) in specific circumstances as prescribed under law.
- Required Data Protection Impact Assessments (DPIAs) when high risk may ensue.
- Data Protection by Design and by Default (DPbD) now obligatory from the start.
- Substantially extended scope and reach of GDPR applicability.
- More onerous requisites for consent as lawful basis.
- Additional data subject rights which may be invoked.
- Increased information detail to be shared with data subjects.
- Data Processors directly responsible at law with Data Controllers.
- Additional stringent requisites in controller-processor agreements.
- Non-exhaustive list of third-country transfer tools and mitigation measures – such as Standard Contractual Clauses (SCCs).
Corporate Data Protection Support
We also have industry-grade knowledge in serving corporations and business enterprises in respect of data protection and GDPR compliance. Understanding the extent and complexity of maintaining compliance with data protection laws, we have over the years gained legal-technical knowledge to be able to ensure the compliance of a corporation’s offerings, both traditional and technological, with GDPR requisites.
We are, however, able to advise and assist not only in respect of data protection compliance concerning a corporation’s services to its customers, but also in respect of the ancillary aspects involved in generating such revenue, such as a corporation’s presence on the web and the processing of data of potential customers. In this respect, we are also well-equipped on matters of domain disputes. We are therefore able to offer support for GDPR compliance on a continuous basis. Given the necessary compliance required for data protection, we have various data protection packages we may offer, to best suit one’s specific operations. Some of these include the review and/or preparation of Privacy Policies and Data Protection Agreements.
Our technical expertise on the interrelationship between various forms of technological offerings and the scope of the GDPR allows us to advise and find solutions for a wide range of business requirements, effectively constituting an intermediary between the legal world and the binary & networks world. Although the GDPR has brought about some grey areas for various developing technological practices, our technology-driven enthusiasm allows us to duly reconcile data protection law with the underlying technological offering.











