GDPR Services

The General Data Protection Regulation (EU) 2016/679 (GDPR) came into effect on the 25th of May 2018. Essentially, this Regulation repealed the then Data Protection Directive 95/46/EC.

In 2016, the EU decided that the Directive should be replaced to enhance legal certainty and ensure harmonization across all member states. Locally, the Data Protection Act (Chapter 440 of the Laws of Malta) was replaced by Chapter 586 of the Laws of Malta to reflect the new Regulation.

The above-mentioned mainly covers data protection and privacy for all data subjects within the EU and the EEA as well as strives to regulate how personal data is processed by Data Controllers and Data Processors.

We understand that GDPR compliance can seem overwhelming – with all those new rules and ongoing processes to comply with. Every business is unique, so a one-size approach doesn’t work for everybody. We will work with you speedily and affordably to understand what your business needs, provide data protection legal advice and agree on a pathway to compliance.

The GDPR is a regulation that requires protection of personal data and privacy of EU citizens for transactions that occur within EU member states. Non-compliance could cost companies dearly. 

Due to the fact that non-compliance with the GDPR may impose higher fines on your organisation, this requires your immediate action. Therefore, it is important that you deal with the topic early rather than late.

That is why we are here to help.

Contact us NOW to guide you on how to get your organisation up and running in accordance with the new GDPR obligations. 

What our Service includes

Data Protection Advice

  • Data protection advice on how the GDPR can be implemented in the operations of a business
  • GDPR check (or pre-audit and gap analysis) for your business pointing out what changes should be made in line with the action plan drafted by one of our Lawyers.
  • Identifying whether you are the Controller or the Processer as well as advising on the different obligations assigned to each role
  • Advice on how to obtain consent from customers only where necessary and in line with the GDPR
  • Checking which cookies are being used that have to be provided to be GDPR Compliant
  • Inhouse-training or online courses for employees dealing with personal data

Legal Advice

  • Helping you set up contracts between Data Processors and Data Controllers
  • Helping you prepare the policies you need for GDPR compliance (such as Privacy Policy, Cookie Policy, IT Security Policy and Retention Policy (including a Data Inventory)

DPO (Data Protection Officer)

  • The GDPR specifies that certain companies shall appoint a qualified Data Protection Officer (DPO). Such requirement may be outsourced, and for this reason we offer DPO as a service. A company may be faced with resources challenges, and DWP Dr Werner & Partner are here to help.

Who can benefit from our services

Subject persons that conduct relevant activities. Therefore, this covers a very wide selection of clients. Examples of clients can include: 

  • Businesses and Business owners
  • Auditors & accountants who take on new clients;
  • Real estate agents in conducting a property sale, or rental agreement;
  • Notaries and legal professionals when buying/selling property, managing client funds, opening and management of bank accounts, and creation of companies, trusts, foundations and similar structures;
  • Nominee companies that provide nominee services;
  • Gaming companies;
  • Natural and legal persons involved in mergers and acquisitions, corporate takeovers, appointment of new directors, and change in shareholding structure;
  • Financial Service Providers such as banks, securities firms, VFA Agents, insurance companies;

Why you should choose us for GDPR Services

We as a firm have to deal with sensitive data that needs to be handled confidentially and know all relevant security measures like 2FA, Automatic Shutdown, Password Protection, Cloud Services etc.. Therefore, we know exactly what is important and can advise you in a practice-oriented way. In addition, we have many years of experience and highly qualified lawyers who can give you excellent advice.

Do you have questions about a data protection issue? We offer you a free initial consultancy. Personal or digital.

Our qualifications

  • DWP has a GDPR Compliance Team who is responsible for matters relating to privacy and data protection.
  • DWP has been preparing for the coming into force of this Regulation since 2016, and GDPR Services form part of the services being offered by DWP Dr. Werner and Partner.

Our very own Dr Rebecca Mifsud is also nominated for Data Protection Officer (DPO) positions and she is very well versed in the topic, enabling her to assist you with GDPR Compliance.

What our clients say about our service

Key Contacts for GDPR Services

Rebecca Mifsud

Frequently Asked Questions about GDPR Services

The Regulation (GDPR) was approved in 2016 and came into force 2 years later on the 25th of May 2018.

Money laundering affects subject persons because the financial system can be used to channel illicit gains, and therefore subject persons need to adopt measures to ensure that money gained through unlawful means is not channeled and laundered through the system. Therefore, subject persons are affected because they are required by law in order to implement internal systems to identify & mitigate risks of money laundering, and where suspicion of money laundering exists, subject persons are required to file a Suspicious Transaction Report to the Financial Intelligence Analysis Unit.

A Directive is a non-binding legislative act. A Regulation is a legislative act which is binding in nature.

Hence, whilst Member States were not obliged to adopt the 1995 Data Protection Directive, but could do so at their own discretion, with the introduction of the GDPR, Member States now have an inherent obligation to transpose this new Regulation within their domestic legislation.

If you are an organisation operating within the EU, it affects you… but not only. GDPR also applies to organisations outside the EU given that they offer their services to data subjects within the EU. If data is being processed and held within the EU, then GDPR applies.

Organisations may be fined up to 4 percent of their annual global turnover if there is a GDPR Breach or a fine of €20,000,000. These are the maximum fines imposed however it depends on the breach. GDPR rules applies to each processor and controller so do not take GDPR for granted.

Short answer is yes. Personal data refers to any information which can, directly or indirectly identify a person. By processing the name and surname of an Individual you will automatically fall under the regulation as you would be processing personal data. Personal data is not just your name and surname but includes numerous personal identifiers.

A data controller is the entity that determines the purposes, conditions and means of the processing of personal data. On the other hand, a data processor is an entity which processes personal data on behalf of the data controller.

Lengthy terms and conditions no longer do the trick. Under GDPR, consent needs to be obtained in a transparent manner and needs to be explicit. In some cases, consent is necessary however not everything revolves around consent.

Explicit consent is a must when processing sensitive personal data – (no pre-ticked boxes).  For other personal data clear-cut consent will suffice.

When a minor under 16 years of age is a data subject, parental consent is required for the processing of personal data.

Are you GDPR compliant?

Get a free first consultation.

Expert- & Blog Posts about GDPR Services

Blockchain GDPR

Blockchain Technology vis-à-vis the GDPR

The use of blockchain technology is still new to our digital age, however it is important to view such usage from a GDPR Perspective. The GDPR mainly focuses on the Protection Data and highlights the importance of compliance with the requirements set out in the Regulation. Despite the incompatibilities, the GDPR and Blockchain Technology can co-exist.

Read more