The General Data Protection Regulation will be entering into force on the 25th May 2018 introducing harmonious rules across all EU Member States on the processing of personal data and extending the territorial scope of the Regulations beyond the confines of the EU.  The GDPR builds upon and strengthens widely accepted principles of data processing and further introduces novel concepts, especially with regards to the rights of data subjects to determine how and under what circumstances their data is processed.  The GDPR also imposes additional and more stringent obligations on data controllers and processors and aims to ensure compliance through the introduction of heftier fines for organisations which are found in breach of such obligations.

If your organisation processes personal data, and is either established in Malta or offers goods or services to persons, or monitors the activities of persons residing in Malta, then here are a few points which you should be thinking about:


  • Do you currently hold consent of data subjects to process their personal data? Is such consent compliant with the requirements of the GDPR?
  • Do you currently process personal data on other legitimate grounds? Are these grounds still valid in terms of the GDPR?
  • Do you process data of minors below the age of 16?
  • Do you have proper policies in place to deal with requests for information and the exercise of other rights granted to data subjects in terms of the GDPR?
  • Do you engage data processors to process data on your behalf? Do you have the proper contractual provisions in place with your data processors?
  • Are your security measures up to date?
  • What are your legal obligations in case of a data breach?
  • Are data protection impact assessments required for any particular processing operations of your business?
  • Is your organisation required to appoint a data protection officer?
  • Do you transfer personal data outside the EU? What compliance actions are required under the GDPR in relation to such transfers?


These are a few of the particular issues which require further consideration by any data controller in anticipation of the introduction of the GDPR.  Organisations need to be equipped with adequate technical and organisational measures to ensure and be able to demonstrate that processing is performed in accordance with the GDPR.

How can IURIS help you?

IURIS offers a comprehensive list of services in so far as data protection compliance is concerned.  We have extensive experience with assisting organisations, both local and foreign, as well as organisations forming part of multi-national corporations, in ensuring compliance with their data protection obligations both under the Data Protection Act as enacted in Malta as well as the Data Protection Directive which will be replaced by the GDPR.

The following are a few of the services currently being offered by IURIS to assists clients in preparation of the GDPR:

  • Initial consultations to assess the processing operations of the particular client and provide general guidance on GDPR obligations;
  • Training to employees on GDPR compliance – tailor made to suit the organisation’s particular needs;
  • Assistance with drafting data protection policies according to the organisational set-up of the client;
  • Review of data protection impact assessments;
  • Drafting of data transfer agreements, controller – processor agreements, consent forms, privacy notices, and other contractual clauses dealing with data processing;
  • Assistance on all matters concerning data transfers outside the EU, including assistance in the process of obtaining authorisation where this is required;
  • Providing general guidance on all matters pertaining to data protection and the applicable legal obligations;
  • Liaising with the competent authorities on all matters relating to the processing of personal data;
  • Assisting clients before the competent administrative bodies, tribunals or courts on all matters relating to data protection compliance.

We can help you comply with the law, defaulting brings with it serious consequences – Are you prepared ?

For further information you may contact Dr. Rita Mifsud or Dr. Lena Sammut, or call our offices.