The General Data Protection Regulation (GDPR) is the most significant change in data privacy regulation in the last 20 years. It will affect any organisation dealing with significant amounts of personal data within the EU, including Malta.
GDPR is a single EU law devised to abolish the current fragmented network of data protection and privacy laws across member states. With GDPR, the EU aims to have better, unified control over the digital economy and privacy issues that may arise from companies’ handling of personal data.
All Maltese and EU companies need to abide by the new regulation or risk hefty fines and sanctions. We’re here to make sure you’re up to speed!
After 4 painstaking years of debate and preparation, GDPR was finally approved by the EU Parliament on 14 April 2016. The new regulation entered into force only 20 days after its publication in the EU Official Journal. GDPR becomes directly applicable in all EU member states on 25 May 2018.
After this date, non-compliant organisations face heavy fines and the Maltese Data Protection Act (Chapter 440 of the Maltese Constitution) will be permanently repealed and replaced by GDPR.
GDPR is a leap forward from the older Data Protection Directive 95/46/EC. It’s designed to:
• Harmonise privacy laws across Europe
• Protect and empower all EU citizens’ data privacy
• Reshape the way organisations across the region approach privacy
This is where we come in. We can make the key points of GDPR readily understandable to you and your organisation, plus advise you on how to make sure your organisation is compliant ahead of the May deadline.
Since the new regulation is extensive and fines can reach €20,000,000 or 4% of an entity’s total worldwide annual turnover, GDPR comes with serious obligations and consequences.
Here are some of the other changes proposed by the new laws:
• GDPR will apply to a wider area in the EU
• You will have to notify users of your breaches
• You might have to appoint a new Data Protection Officer
• Your data processors will now be held directly liable by law
• You will have to abide by more stringent consent requirements for handling personal information
• You will have to provide more information to data subjects and users
• Your data controller-processor contracts will be guarded by more stringent requirements
• The general notification requirement will be removed
• You will have to observe new subject rights for users
While this is welcome news for your personal data protection, your organisation might still be lagging behind on the implementation of some of the changes above.
The aim of our advisory role is to help you take the necessary measures to become fully compliant before 25 May 2018. With our intervention, not only will your organisation be versed in the best data practices, but you’ll also be immune to severe financial punitive action, giving you the utmost peace of mind.