IDPC fines Lands Authority for Data Breach

On the 18th of February, the Information and Data Protection Commissioner (“IDPC”) imposed a €5,000 fine on the Lands Authority after having investigated a major data breach in November 2018.

As a result of the lack of appropriate security measures on the Lands Authority website, over 10 gigabytes of personal data became easily accessible to the public via a simple Google search. The majority of the leaked data contained highly sensitive information and correspondence between individuals and the Authority itself.

Administrative Fines for Public Authorities/Bodies

The GDPR expressly states that “each Member State may lay down the rules on whether and to what extent administrative fines may be imposed on public authorities and bodies established in that Member State”. For this reason, the levels of administrative fines imposed on public authorities and bodies vary throughout the EU.

In Belgium, public authorities are not liable to administrative fines except when such authority or body is offering goods or services to the market. On the other hand, in Ireland, a public authority or body can be fined up to a maximum of €1,000,000 for breaching the provisions of the GDPR.

In Malta, in the case of a breach by a public authority or body, the IDPC may impose an administrative fine of up to €25,000 for each violation and may additionally impose a daily fine of €25 for each day such violation persists. The law also allows such a fine to be doubled in the event of more serious cases, i.e. a €50,000 fine for each violation and a daily payment of €50 for each day such violation persists. The fines imposed depend on the provisions of the law which have been breached by the authority.

The Lands Authority chose not to appeal the fine of €5,000 imposed by the IDPC despite having the right to do so. The Authority is currently carrying out penetration testing on its website and has migrated its data to servers owned and managed by Malta Information Technology Agency, as a risk mitigation procedure.

Administrative Fines for Private Entities

It is clear that the GDPR was intended for multinational private entities which process large amounts of personal data, such as Facebook and Google. For this reason, if private entities do not adhere to the GDPR, they will become liable to much higher fines than public authorities and bodies.

Merely processing data without the instructions of the Data Controller or processing personal data of a child without the necessary parental consent can attract a fine of up to 2% of total global annual turnover or €10m (whichever is the higher). More serious breaches will lead to more serious fines; unlawfully processing someone’s personal data or restricting the data subject from his rights to erasure of personal data can lead to a fine equivalent to 4% of the annual global turnover of said organisation, or €20 million, whichever is greater. Hence, adherence to the GDPR through self-regulation is key.

For further information about how GVZH Advocates can help you with your data protection legal requirements and to enquire further about your new obligations under the GDPR, kindly contact us here.
