Twitter Logo Youtube Circle Icon LinkedIn Icon

The Legal 500 Hall of Fame Icon The Legal 500 Hall of Fame highlights individuals who have received constant praise by their clients for continued excellence. The Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. In Europe, Middle East and Africa, the criteria for entry is to have been recognised by The Legal 500 as one of the elite leading lawyers for seven consecutive years. These partners are highlighted below and throughout the editorial.
Click here for more details

Malta > Legal Developments > Law firm and leading lawyer rankings

Editorial

GDPR Administrative Fines: New Guidelines Recently Adopted

On 25 May 2018, Regulation 2016/679, the General Data Protection Regulation (GDPR) will come into effect across the European Union (including Malta). As has been widely reported, infringement of the GDPR may lead to fines as high as â‚¬20,000,000 or 4% of an entity's total worldwide annual turnover (whichever is higher). 

On 25 May 2018, Regulation 2016/679, the General Data Protection Regulation (GDPR) will come into effect across the European Union (including Malta). As has been widely reported, infringement of the GDPR may lead to fines as high as â‚¬20,000,000 or 4% of an entity's total worldwide annual turnover (whichever is higher). On 3rd October 2017, the Article 29 Working Party adoptedguidelines on the application and setting of the said administrative fines under the GDPR. The guidelines are intended for use by supervisory authorities to ensure improved application and enforcement of the GDPR and to encourage its consistent interpretation and application. The GDPR outlines the powers of local supervisory authorities when addressing an infringement by a data controller or a data processor (the latter being directly answerable at law as of 25 May 2018). The new guidelines emphasise that in the exercise of their powers, supervisory authorities (including Malta's Office of the Information and Data Protection Commissioner) must observe the following key principles: 

  1. Infringement of the [GDPR] should lead to the imposition of "
  2. Like all corrective measures chosen by the supervisory authorities, administrative fines should be "effective, proportionate and dissuasive
  3. The competent supervisory authority will make an assessment "in each individual case";
  4. A harmonized approach to administrative fines in the field of data protection requires active participation and information exchange among Supervisory Authorities.

With regards to sanctions imposed, the guidelines stress that there should be a degree of consistency among Member States. Therefore, despite the fact that supervisory authorities remain completely independent from each other, there must still be a level of uniformity with regards to enforcement. Corrective measures must also be suitable to the nature, gravity and consequences of the breach in question, taking into account all the facts of the case. This guarantees that fines shall be objectively justifiable and not arbitrary. Furthermore, the guidelines highlight the requirement imposed by the GDPR itself that supervisory authorities are to evaluate each case on an individual basis when exercising their discretion in relation to the corrective measures to be imposed. Finally, the guidelines stipulate that supervisory authorities must cooperate with each other (through mechanisms such as information exchanges) and, where relevant, also with the European Commission.

The guidelines also expand on the assessment criteria (found in the GDPR) that supervisory authorities are expected to use when determining whether a fine should be imposed and, if so, the amount of such fine. It should be noted that the said guidelines are not exhaustive and do not take into account the inherent differences between civil, administrative and criminal law systems of all the Member States. 

The full text of the guidelines can be downloaded by clicking the following link: http://ec.europa.eu/newsroom/just/document.cfm?doc_id=47889

Disclaimer: This document does not purport to give legal advice. For any queries relating to data protection (including the incoming GDPR), please do not hesitate to contact Dr. Claude Micallef-Grimaud or Dr. Antoine Camilleri. General enquiries should be sent to dataprotection@mamotcv.com

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs

International Law Firm Networks

International comparative guides

Giving the in-house community greater insight to the law and regulations in different jurisdictions.

Select Practice Area

GC Powerlist -
Europe

International Law Firm Networks