Skip to main content

GDPR

Is your organisation GDPR compliant?

The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a new single EU law dealing with data protection that is intended to do away with the fragmented system that was previously in place and update laws across the EU that have not kept up with the digital age we live in. On 25 May 2018, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

Mamo TCV GDPR Overview
DP Guidelines & Opinions
Data Protection Laws

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this new law and this, as soon as possible.

Are you ready for DORA? Is it applicable to you?
Find out more on our dedicated DORA section by clicking here

UNDERSTANDING GDPR

GDPR at a glance

  • Fines up to €20,000,000 or 4% of an entity’s total worldwide annual turnover
  • Significantly expanded territorial scope
  • Mandatory data breach notification in certain cases
  • Mandatory appointment of a Data Protection Officer in certain cases
  • Data Processors now also directly responsible at law
  • More stringent consent requirements
  • Increased level of information to be provided to data subjects
  • More stringent requirements in controller-processor contracts
  • Removal of the general notification requirement
  • New data subject rights
Get in Touch

WHAT WE BELIEVE IN

How can we help?

Our Reputation

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

GDPR Compliance

Over the past years we have carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now assisting clients with their various new obligations at law. From rules relating to direct marketing to data retention obligations, we have you covered.

What we Offer

  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting of layered privacy policies & other notices
  • Drafting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations

Key Contacts

Photo of Dr Claude Micallef-Grimaud
Claude Micallef Grimaud
Antoine Camilleri - Mamo TCV Advocates
Antoine Camilleri

Stay updated with our latest insights

Explore Insights
Rejected!
DORA

European Commission Rejects Draft Regulatory Technical Standards on ICT Subcontracting

The European Commission has communicated its rejection of the draft Regulatory Technical Standards (RTS) on subcontracting ICT services supporting critical or important functions supplementing the Digital Operational Resilience Act (DORA).  In its communication, the Commission held that the European Supervisory Authorities (ESAs) exceeded their mandate under Article 30(5) of DORA (which came into effect on 17 January 2025) by introducing requirements not specifically linked to the conditions for subcontracting in Article 5 of the RTS. The Commission has made it clear that Article 5 and the related recital 5 of the draft RTS must be omitted from the draft RTS…
EU AI Act
Telecoms, Media & Technology

EU AI Act: Banned AI Practices from 2 February 2025

The EU AI Act becomes applicable across the EU, including Malta, on 2 August, 2026 (you may read our general overview here). However, the AI Act’s general provisions and the provisions on prohibited AI practices that present an unacceptable level of risk, will come into force as early as 2 February 2025. With this deadline fast approaching, organisations subject to the AI Act must ensure compliance accordingly. AI Literacy By 2 February 2025, providers and deployers of AI systems, including those based in Malta, must take steps to guarantee an adequate level of AI literacy among their staff and any…
Triangular Patterns
DORA

MFSA Issues Two Circulars on ICT Risk

On the 16th of January 2025, the MFSA published a circular on the register of information-reporting-timelines for MFSA-authorised persons. Subsequently, on the 17th of January 2025, the MFSA published another circular outlining several resources uploaded to its website to assist compliance with Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector (“DORA”). The circular issued on 16th of January 2025 focuses on the Register of Information required under Article 28(3) of DORA. This register mandates financial entities to document all contractual arrangements with ICT Third-Party Service Providers (“ICT TPPs”), ensuring transparency in…
St James Cavalier Web Dome
DORA
DORA is Now in Force: What’s Next?
European Blockchain Sandbox
FinTech
European Blockchain Sandbox & MDIA Joint Webinar
AI Act’s Impact on Businesses Operating Within the EU
Telecoms, Media & Technology
The AI Act’s Impact on Businesses Operating Within the EU

Subscribe to our newsletter


How can we help you?

Contact us