The EU General Data Protection Regulation (GDPR) provides legal certainty to individuals and businesses throughout the European Union and imposes obligations on entities, businesses or any other organisations on how data privacy shall be ascertained and how client personal data shall be controlled.
Another important aspect of data privacy is the rights which protect such confidential information of natural persons, such as the right to give consent to the data controller, the right to be informed of how such personal data is being utilised, the right to access such data, the right to have such data deleted and the right to limit how entities, businesses or any other organisations use such data. The GDPR requires that personal data is processed in a lawful, fair and transparent manner.
Even though today’s modern and technological world is evolving and improving, data subjects still face a high risk of breach of their personal data. Laws and regulations such as the GDPR and the Maltese General Protection Data Act (Chapter 586 of the Laws of Malta) are important tools for today’s business world since they strengthen the protection of data subjects’ rights and regulate how entities, businesses or any other organisations process such personal data and how such data shall be safeguarded. Furthermore, economic and social integration resulting in cross-border flows of personal data requires such businesses to implement a highly diligent approach as to how such data shall be managed and monitored. Infringement of these laws and regulations can lead to fines amounting to 20 million or 4% of the total turnover of the entity.
Strict new compliance requirements are imposed by the GDPR. For example, entities have to perform “Privacy Impact Assessments” and privacy audits as a matter of course. They have to implement “Privacy by Design” methodologies into their business, so that compliance is baked in to everything they do. Entities have to deliver on a new “Accountability” obligation, which means creating written compliance plans, which they have to deliver to regulators on demand. Our team of experienced professionals will assist you in reviewing and/or drafting company privacy policies, reviewing and/or drafting controller-processor agreements with third parties, conducting data protection audits, drafting Data Protection Impact Assessments, assisting Data Protection Officers (DPO) and conducting training for employees who may deal with personal data, so that your entity remains compliant with these laws and regulations.
Advisory Partner, PwC Malta
Tel: +356 2564 7091
Tax Partner, PwC Malta
Tel: +356 2564 6744