Therefore, this is now the primary source of law regulating data protection and the processing of personal data in Malta. That said, the GDPR allows member states flexibility to regulate certain areas of the law within specific parameters.
Accordingly, Malta recently enacted a new Data Protection Act (Chapter of the Laws of Malta, which repealed and replaced the old Chapter ), together with a set of subsidiary laws which regulate sector-specific data protection issues.
This update summarises the changes that have been brought about by the new act and the subsidiary laws in Malta. Of course, organisations established in Malta that process personal data which may be governed by the laws of a foreign jurisdiction (eg, by targeting services to data subjects established in another country or processing the personal data of data subjects that reside in another country) must also be aware of any country-specific data protection laws which might affect their processing activities.
For instance, it regulates the establishment and powers of the Office of the Information and Data Protection Commissioner (IDPC) and stipulates procedural rules as to how the IDPC can investigate claims, institute prosecution and impose fines. It also regulates appeal procedures. The new act recognises the extended regulatory reach of data protection laws in order to reflect the wider scope that the GDPR mandates.
Therefore, the law now also applies to controllers and processors not established in the European Union that process the personal data of individuals (ie, data subjects) who are in Malta where the processing relates

Additionally, as with the old act, Chapter contains special rules relating to the processing of personal data for journalistic, research, archiving, historical and statistical purposes.
It also regulates certain derogations for public interest and security purposes. However, of key interest are the following new provisions.

Consultation and prior authorisation obligations

Under the new act, a data controller must consult with, and obtain prior authorisation from, the commissioner where the controller intends to process, in the public interest:

Processing of identification cards

Under the GDPR, EU member states are free to set their own rules regarding the processing of national identification numbers.
The new act provides that an identity document can be processed only when doing so is clearly justified, having regard to:

The new obligation set out by the GDPR and reflected in the act is that a national identity number or any other identifier of general application must be used only under appropriate safeguards to protect the rights and freedoms of the data subject.
The GDPR allows EU member states to determine whether administrative fines will be imposed on public and government authorities in the respective state.
In Malta, the IDPC can impose administrative fines on a public or government authority; however, depending on the nature of infringement, these fines will be capped at:

Of course, officers of a company should be vigilant in this regard, as this implies personal criminal liability.
The GDPR and the new act restate this; however, this time data processors are also in the line of fire. This remedy may include instituting a damages action against the relevant controller or processor.
Of particular interest in the Maltese scenario is how the GDPR provides that any person who has suffered material or non-material damage as a result of an infringement of the GDPR has the right to receive compensation from the controller or processor for the damage suffered.
As a result, the new act provides that if a court finds the controller or processor liable for the damage caused, the court will set out the amount of damages factoring in moral damages.
Moral damages in terms of data protection are novel in Malta. This concept is also somewhat testing in the context of Maltese law, which has rarely contemplated awarding moral (non-pecuniary) damages.
How the Maltese courts will apply this in practice is not yet known. That said, caution must be exercised, as compensation will be awarded for non-material damage, such as reputational or psychological distress caused by a breach of data protection law.
For instance, the following have been left up to member states:

However, the act contemplates no specific rules to this effect. While the act provides no specific instances when a DPO must be appointed, it grants the minister for data protection the power to legislate further on this matter.
The act does not introduce more specific provisions. The act does not introduce further rules on this subject.

Sector-specific data protection regulations

In addition to the new Data Protection Act, the Maltese legislature has re-enacted certain subsidiary laws that applied under the old regime.
The EU E-Privacy Directive regulates the processing of personal data in the context of e-communications and is highly relevant in the context of marketing and the use of web-cookies and similar tracking technologies, among other things.
Other sector-specific regulations relate to:

Further, with the onset of the GDPR, four new subsidiary laws have been enacted:

Historically, the insurance industry has relied heavily on explicit but mandatory consent for the processing of health-related data.
These new regulations seek to address this issue by facilitating the processing of data concerning health, where such data is necessary and proportionate for the purposes of an insurance policy.
Therefore, provided that certain conditions are satisfied, insurers may now rely on these regulations to process health data when this is necessary and proportionate for the purposes of the insurance policy. For instance, this derogation may be applied in circumstances where data concerning health is deemed necessary to settle insurance claims.
The legislature has clarified that in the absence of consent from a child's parent or legal guardian, the processing of a child's personal data in relation to information society services will be lawful only for children that are 13 years old or older.
This does not alter the rules on the age of consent for entering into contracts, as that is separately governed by Maltese law.

The Data Protection Act of was enacted in Malta on the 14th December , with both sides of the House of Representatives voting in favour of the Act.
This continued to further confirm Malta’s tradition to cherish democratic values, foremost amongst which is the right of the individual to privacy. From 25 May , the principal data protection legislation in the EU will be Regulation (EU) / (the General Data Protection Regulation or GDPR).
Malta Data Protection GANADO Advocates 14 . ACT XXVI of , as amended by Acts XXXI of and IX of ; Legal Notices and of , of ; Acts XVI of and XXV of ; .
The new Chapter and the collection of subsidiary laws complement and must be read with the GDPR.