Twitter Logo Youtube Circle Icon LinkedIn Icon

The Legal 500 Hall of Fame Icon The Legal 500 Hall of Fame highlights individuals who have received constant praise by their clients for continued excellence. The Hall of Fame highlights, to clients, the law firm partners who are at the pinnacle of the profession. In Europe, Middle East and Africa, the criteria for entry is to have been recognised by The Legal 500 as one of the elite leading lawyers for seven consecutive years. These partners are highlighted below and throughout the editorial.
Click here for more details

Malta > Legal Developments > Law firm and leading lawyer rankings

Editorial

Significant Number of Personal Data Breaches Reported to the Maltese Supervisory Authority Post GDPR

There have been more than 100 personal data breaches notified to the Maltese IDPC post GDPR. 17 GDPR fines have been imposed. Click below to learn more about the situation across the EU.

Mamo TCV Advocates has recently contributed to an EU-wide survey carried out by DLA Piper focusing on the number of personal data breaches notified to regulators as well as the first fines issued under the new EU General Data Protection Regulation (GDPR) regime for the period from 25 May 2018 to International Data Protection Day on 28 January 2019.

The survey, published on 6 February 2019, reveals that across Europe, following the coming into effect of the GDPR, more than fifty-nine thousand (59,000) personal data breaches were reported to local supervisory authorities with a total of 91 'GDPR fines' being imposed (not all relating to data breaches). In Malta, over one hundred (100) personal data breaches were notified to the Maltese Information and Data Protection Commissioner (IDPC) with seventeen (17) GDPR fines being imposed by the same. Per capita, the Maltese figures are significant.

The GPDR makes it mandatory to notify certain data breaches. As a rule, and as far as Malta is concerned, data controllers must report a data breach to the IDPC within 72 hours of becoming aware of it. By way of exception to the general rule above, breach notification to the IDPC is not required where the data breach is unlikely to result in a risk to the rights and freedoms of natural persons.

The GDPR also obliges data controllers to notify affected data subjects without undue delay in the event of a data breach which is likely to result in a high risk to the rights and freedoms of natural persons. Notification to the data subjects is not generally required when:

The risk of harm is remote because the personal data are protected;

The data controller has taken measures to protect against the harm;

Notification would require disproportionate efforts (but here, a public communication or similar measure would be required).

To read the full 'DLA Piper GDPR data breach survey' please visit https://www.dlapiper.com/en/uk/insights/publications/2019/01/gdpr-data-breach-survey/

For more information about the GDPR please visit www.gdprmalta.com

Interview with...

Law firm partners and practice heads explain how their firms are adapting to clients' changing needs

International Law Firm Networks

International comparative guides

Giving the in-house community greater insight to the law and regulations in different jurisdictions.

Select Practice Area

GC Powerlist -
Europe

International Law Firm Networks