Data Privacy and Protection Legislation in Malta, GDPR

January 31, 2022 | 4 minutes read
Data Privacy and Protection Legislation in Malta, GDPR

Malta’s Data Protection Act (Act XX 2018) is a data privacy law that was passed in 2018. The Data Protection Act (Act XX 2018) was passed for the purposes of implementing the provisions of the General Data Protection Regulation or GDPR into Matalan law, as Malta is a member state within the European Union. As such, the Data Protection Act (Act XX 2018) mandates that data controllers and processors within Malta adhere to the same requirements and obligations that are applicable to similar parties in other EU member states. Moreover, the Data Protection Act (Act XX 2018) also varies from the EU’s GDPR law in certain instances, particularly as it concerns the legal basis upon which data may be collected, processed, and ultimately used within the country of Malta.

What are the primary differences between Malta’s Data Protection Act and the GDPR law?

In terms of the differences between Malta’s Data Protection Act (Act XX 2018) and the EU’s GDPR law, both pieces of legislation are largely similar as it concerns the legal framework that data controllers and processors within Malta must adhere to when processing personal data. For instance, Malta’s Data Protection Act (Act XX 2018) requires data controllers and processors within Malta to process personal data in accordance with the same data protection principles that were established by the EU’s GDPR law. These principles include but are not limited to ensuring that personal data is processed in a manner this is lawful, fair, and transparent, and all personal data that is processed must be accurate. However, the two laws do vary as it relates to personal data that is processed in the interest of the general public.

As stated in Malta’s Data Protection Act (Act XX 2018), “the Act establishes under Article 6(2) that controllers and processors may derogate from the provisions of Articles 15, 16, 18, 19, 20, and 21 of the GDPR for the processing of personal data for archiving purposes in the public interest. This is so, in so far as the exercise of the rights set out in those articles are likely to render impossible or seriously impair the achievement of those purposes or the controller reasonably believes that such derogations are necessary for the fulfillment of those purposes. Further to this, however, Article 7 of the Act stipulates that the controller must consult with and obtain authorization from the Commissioner where the controller intends to process data in the interest of the public. This authorization is required when the data is related to genetic data, biometric data, data concerning health for statistical or research purposes, and special categories of data related to the management of social care services and systems.”

What are the rights of Matalan citizens under Malta’s Data Protection Act?

The rights of Matalan citizens under Malta’s Data Protection Act (Act XX 2018) are largely the same as those provided to citizens who reside within other member states in the European Union. These rights include:

Alternatively, Malta’s Data Protection Act (Act XX 2018) does set forth certain conditions and circumstances upon which the data privacy rights of Matalan may be derogated from. To illustrate this point further, the right to be informed of data processing activities may be derogated from under Malta’s Data Protection Act (Act XX 2018), permitting data processing activities are in relation to personal data that is used in the context of “scientific and historical research purposes, official statistics, and archiving purposes in the public interest.” Conversely, the law also mandates that the right to data portability be derogated from, in instances where data portability would be “likely to render impossible or seriously impair the achievement” of the personal data that was processed.

What are the penalties for violating Malta’s Data Protection Act?

As it relates to penalties and punishments that can be imposed against individuals and organizations that violate the provisions of Malta’s Data Protection Act (Act XX 2018), the Information and Data Protection Commission or the IDPC for short, Malta’s data protection authority, has the authority to levy a number of sanctions against data controllers and processors who fail to maintain compliance with the law. Such sanctions include monetary penalties ranging from €25,000 to €50,000 ($28,541 to $57,083), depending on the scope and severity of the particular offense, as well as daily monetary penalties ranging from €25 to €50 ($28 to $57) for each day in which a violation under the law persists.

Malta’s Data Protection Act (Act XX 2018) serves as a means to secure the data protection and personal privacy rights of Matalan citizens. As the law implements the various provisions of the EU’s GDPR law into Matalan law, said citizens have various avenues for recourse should their rights be violated or infringed upon during the course of data collection or processing activities. Furthermore, through provisions in the EU’s GDPR law that allow member states to make changes to the legislation to fit the unique data protection needs of their citizens, Malta can continue to improve the data privacy landscape of their country for years to come.

Related Reads

Anyone doing business in or with the EU's 27 member states must take redaction seriously or possibly face million euro fines.
June 20, 2024 | 5 minutes read
The EU’s GDPR And How To Best Comply In 2024

What is the GDPR? How do you comply? With CaseGuard Studio, the all-in-one redaction solution, sensitive data redaction is made simple with powerful AI tools.

Learn More »
Two police officers on motor cycles watching people use a cross walk in the UK.
September 06, 2023 | 4 minutes read
Blurring Faces from Videos and The Truth About Body-Worn Camera Privacy

Body-worn cameras are an essential piece of equipment for law enforcement officers and the redaction of faces from BWC footage is necessary to protect the privacy of individuals.

Learn More »
Doctor in green scrubs looking at multiple computer screens with sensitive medical information on them
August 30, 2023 | 4 minutes read
Sensitive Information, Protected: Patient Privacy, HIPAA, And You

HIPAA compliance ensures patient privacy. Often making the consequences of non-compliance severe, so how do you avoid that?

Learn More »
healthcare worker
July 12, 2023 | 5 minutes read
Protecting Privacy in the Healthcare Field: PII, PHI & PCI

Healthcare professionals handle a wide range of sensitive data that is crucial for delivering quality care. But protecting that data is getting harder.

Learn More »
surveillance-cameras
June 26, 2023 | 6 minutes read
FISA Section 702, Is The US Government Monitoring You?

Is there a give-and-take relationship that must be accepted when it comes to keeping the country safe? Should U.S. persons be okay with the incidental collection of their conversations in the name of national security under FISA Section 702? Even when it violates their constitutional rights? Well, that’s up to Congress to decide.

Learn More »
Dark room with an investigator standing behind suspect
May 31, 2023 | 5 minutes read
Using Redaction for Privacy Maintenance as An Investigator

These oaths emphasize upholding the law, serving the public, and protecting the rights of individuals. One of these many rights is privacy. An investigator must adhere to the legal and ethical guidelines within the jurisdiction and perform their investigation within those specifically set boundaries.

Learn More »