Skip to main content

Data Protection and Privacy

Data Protection and Privacy

Visit our GDPR Microsite
Practice Area Overview

Mamo TCV Advocates is a leading Maltese law firm with years of experience in the field of privacy law and, in particular, data protection law. With clients ranging from world-famous multinational IT companies to individual data subjects we can provide your organisation practical advice regardless of the situation you are in.

In November 2017, Mamo TCV organised Malta’s largest conference on data protection with the goal of educating the general public on the implications of the incoming GDPR.

What is the GDPR? The GDPR or ‘General Data Protection Regulation’ (Regulation 2016/679/EU) is a single EU law dealing with data protection that intended to do away with the fragmented system that was previously in place and update laws across the EU that had not kept up with the digital age we live in.

On 25 May 2018, the GDPR came into effect across the EU (including Malta) and repealed and replaced the previous Data Protection Directive and the domestic laws implementing it. On this day, as in the case of other EU Member States, the GDPR took effect in Malta. The new Data Protection Act, 2018 (Chapter 586 of the Laws of Malta) has also come into effect in Malta. Data controllers and processors had until this date to prepare for the various new, and in some cases, onerous obligations introduced by the GDPR.

With fines as high as €20,000,000 or 4% of an entity’s total worldwide annual turnover, the GDPR introduced a number of rights for data subjects but also a number of obligations that directly impact Maltese and international data controllers and data processors.

Maltese organisations (especially those processing large amounts of personal data) must take all necessary measures to ensure full compliance with this far-reaching law and this, as a matter of urgency.

Over the past years Mamo TCV has carried out several GDPR audits and training sessions for our diverse portfolio of clients and we are now regularly assisting clients with their various data protection obligations at law.

For more information, please visit our GDPR page here where, among other things, you can download our popular (and free) GDPR Guidelines.

Get In Touch
Visit our GDPR Microsite
Scope of Services
  • Data Protection compliance, including full GDPR due diligence
  • Comprehensive expert legal advisory services
  • Data protection risk assessments
  • Training of DPOs and other staff members
  • Drafting and vetting of layered privacy policies & other notices/documents
  • Drafting and vetting of data processing agreements & addenda
  • Full legal representation in contentious matters and/or IDPC investigations
  • Expedited legal services in case of data breaches.

Key Contacts

Photo of Dr Claude Micallef-Grimaud
Claude Micallef-Grimaud

Stay updated with our latest insights

Explore Insights
Pier on Seashore in Malta
Data Protection and Privacy

DORA: An Overview of the Maltese Legal Provisions

On 16 July 2024, Legal Notice 166 of 2024 was published in Malta. This implemented the relevant provisions of DORA (full title being Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) 648/2012, (EU) 600/2014, (EU) No 909/2014 and (EU) 2016/1011) into Maltese law. The said provisions can now be found under the Malta Financial Services Authority Act (Digital Operational Resilience Act (DORA)) Regulations, 2024 (S.L. 330.20) – the ‘Maltese Regulations’. The Maltese Regulations shall come into force on…
Mamo TCV Advocates: New Data Protection Law Relating to Third Party rights
Data Protection and Privacy

New Law enables Third Parties to a Contract to benefit from Data Protection Rights

A recently published Legal Notice (204 of 2023) has created the “Enforcement of the Rights of Data Subjects in relation to Transfers of Personal Data to a Third Country or an International Organisation Regulations” (Subsidiary Legislation 586.12). This marks the first time that an entirely new subsidiary law has been enacted under the auspices of the Data Protection Act (Chapter 586 of the laws of Malta), since June 2018, shortly after the coming into force of the GDPR. S.L. 586.12 resolves a long-standing lacuna in the field of Maltese data protection law. The scope and purpose of this new law…
The European Data Protection Board has issued its Opinion on the European Commission’s Draft Adequacy Decision which constitutes a new framework for transatlantic transfers of personal data.
Data Protection and Privacy

The EDPB Issues Opinion on the New EU-U.S. Data Privacy Framework

On the 28th of February 2023, the European Data Protection Board (hereinafter referred to as the “EDPB”) issued its Opinion on the European Commission’s draft adequacy decision regarding the EU-U.S. Data Privacy Framework. Whilst acknowledging the significant improvements made to the Data Privacy Framework such as the improved new redress mechanism under the Executive Order on Enhancing Safeguards for United States Signals Intelligence Activities, the EDPB’s opinion also highlighted some issues of concern which had previously been raised so as to ensure that the new adequacy decision will be long-lasting. The principal issues of concern specifically relate to the data…
U.S. President Joe Biden has recently signed an Executive Order implementing the commitments made by the U.S. in the agreement reached with the EU concerning a new EU-U.S. data privacy framework.
Data Protection and Privacy
The New EU-US Personal Data Transfer Framework
EU Legislation
Data Protection and Privacy
Deadline for Third Country Personal Data Transfers: EU Standard Contractual Clauses
The EU Data Act – Not Another GDPR
Data Protection and Privacy
The EU Data Act – Not Another GDPR