Start­seite » Ser­vices » GDPR Ser­vices Mal­ta

GDPR Services Malta

The Gen­er­al Data Pro­tec­tion Reg­u­la­tion (EU) 2016/679 (GDPR) came into effect across the Euro­pean Union on the 25th of May 2018. Essen­tial­ly, this Reg­u­la­tion repealed the then Data Pro­tec­tion Direc­tive 95/46/EC.

In 2016, the EU decid­ed that the Direc­tive should be replaced for legal cer­tain­ty and har­mon­i­sa­tion pur­pos­es. Local­ly, the Data Pro­tec­tion Act (Chap­ter 440 of the Laws of Mal­ta) was replaced by Chap­ter 586 of the Laws of Mal­ta to reflect the new Reg­u­la­tion.

The above-men­tioned main­ly cov­ers data pro­tec­tion and pri­va­cy for all data sub­jects with­in the EU and the EEA as well as strives to reg­u­late how per­son­al data is processed by Data Con­trollers and Data Proces­sors.

DWP has been prepar­ing for the com­ing into force of this Reg­u­la­tion since 2016, and GDPR Ser­vices form part of the ser­vices being offered by DWP Dr. Wern­er and Part­ner, which include but are not lim­it­ed to the fol­low­ing:

  • Legal advi­so­ry ser­vices
  • Train­ing for employ­ees deal­ing with per­son­al data
  • Draft­ing of pri­va­cy poli­cies, pro­ce­dures, agree­ments, adden­dums and oth­er notices
  • Check­ing which cook­ies are being used that have to be pro­vid­ed to be GDPR Com­pli­ant.

DWP has a GDPR Com­pli­ance Team who is respon­si­ble for mat­ters relat­ing to pri­va­cy and data pro­tec­tion. The Team may be reached on gdprcompliance@drwerner.com or by call­ing on +356 21377700.

More Information

WHEN WAS THE REGULATION ADOPTED?

The Reg­u­la­tion (GDPR) was approved in 2016 and came into force 2 years lat­er on the 25th of May 2018.

IS THERE A DIFFERENCE BETWEEN REGULATION AND DIRECTIVE ?

A Direc­tive is a non-bind­ing leg­isla­tive act. A Reg­u­la­tion is a leg­isla­tive act which is bind­ing in nature.

Hence, whilst Mem­ber States were not oblig­ed to adopt the 1995 Data Pro­tec­tion Direc­tive, but could do so at their own dis­cre­tion, with the intro­duc­tion of the GDPR, Mem­ber States now have an inher­ent oblig­a­tion to trans­pose this new Reg­u­la­tion with­in their domes­tic leg­is­la­tion.

DOES THE GDPR AFFECT ME?

If you are an organ­i­sa­tion oper­at­ing with­in the EU, it affects you… but not only. GDPR also applies to organ­i­sa­tions out­side the EU giv­en that they offer their ser­vices to data sub­jects with­in the EU. If data is being processed and held with­in the EU, then GDPR applies.

WHAT HAPPENS IF I AM NON-COMPLIANT?

Organ­i­sa­tions may be fined up to 4 per­cent of their annu­al glob­al turnover if there is a GDPR Breach or a fine of €20,000,000. These are the max­i­mum fines imposed how­ev­er it depends on the breach. GDPR rules applies to each proces­sor and con­troller so do not take GDPR for grant­ed.

IS MY NAME AND SURNAME PERSONAL DATA?

Short answer is yes. Per­son­al data refers to any infor­ma­tion which can, direct­ly or indi­rect­ly iden­ti­fy a per­son. By pro­cess­ing the name and sur­name of an Indi­vid­ual you will auto­mat­i­cal­ly fall under the reg­u­la­tion as you would be pro­cess­ing per­son­al data. Per­son­al data is not just your name and sur­name but includes numer­ous per­son­al iden­ti­fiers.

DATA PROCESSOR VS DATA CONTROLLER?

A data con­troller is the enti­ty that deter­mines the pur­pos­es, con­di­tions and means of the pro­cess­ing of per­son­al data. On the oth­er hand, a data proces­sor is an enti­ty which process­es per­son­al data on behalf of the data con­troller.

IS CONSENT NECESSARY ?

Lengthy terms and con­di­tions no longer do the trick. Under GDPR, con­sent needs to be obtained in a trans­par­ent man­ner and needs to be explic­it. In some cas­es, con­sent is nec­es­sary how­ev­er not every thing revolves around con­sent.

WHEN IS EXPLICIT CONSENT STRICTLY NECESSARY ?

Explic­it con­sent is a must when pro­cess­ing sen­si­tive per­son­al data – (no pre-ticked box­es).  For oth­er per­son­al data clear-cut con­sent will suf­fice.

IS MY MARKETING STRATEGY AFFECTED BY GDPR

In this dig­i­tal age, mar­ket­ing strate­gies are cru­cial for the oper­a­tion of a busi­ness, how­ev­er peo­ple work­ing in mar­ket­ing have to make sure that they are fol­low­ing GDPR and e‑Privacy rules.

WHAT ABOUT MINORS AS DATA SUBJECTS?

When a minor under 16 years of age is a data sub­ject, parental con­sent is required for the pro­cess­ing of per­son­al data.

SHOULD I PANIC IF I MISSED THE DEADLINE?

Due to the fact that non-com­­pli­ance with the GDPR may impose high­er fines on yur organ­i­sa­tion, this requires your imme­di­ate action.

That is why we are here to help.

Con­tact us NOW to guide you on how to get your organ­i­sa­tion up and run­ning in accor­dance with the new GDPR oblig­a­tions.