The protection of personal data cannot be overlooked.

The financial and reputational damage caused by a data breach can have far- reaching consequences to businesses and organisations.

The protection of personal data has been part of Maltese law since the adoption of the first Data Protection Act in 2001, which transposed the Data Protection Directive (EC 95/47) into Maltese law.  In 2018, a new Data Protection Act came in force (Chapter 586 of the Laws of Malta) which essentially transposes certain provision of the EU General Data Protection Regulation (Regulation EU/2016/679), commonly referred to as the GDPR.

The GDPR establishes a set of principles that anyone processing personal data must adhere to.

Some recently reported high-profile cases on breaches of personal data highlight the importance that organisations should place on protection of data, and that compliance with the GDPR should not be considered solely as a legal necessity but an important business process.

Failure to comply with the recently adopted European General Data Protection Regulation (GDPR) can lead to fines of up to 5% of annual worldwide turnover, or €100m, and also the possibility for individuals and associations, acting in the public interest, to bring claims for non-compliance.