Malta applies its new GDPR style law in a pragmatic way
PL&B talked to Malta’s Information and Data Protection Commissioner, Saviour Cachia, about changes in their legislative framework. By Laura Linkomies.
Malta’s new GDPR-style law, Data Protection Act 2018 (Chapter 586 of the Laws of Malta), took effect on 28 May 2018. It follows and implements the GDPR and includes derogations for processing for archiving purposes in the public interest, scientific or historical research or statistical purposes, and journalistic purposes.
The law lowers the age at which a child can consent to online services, and is currently 13. Other new aspects include data breach notification, and a fines regime for public entities. Depending on the type of infringement, public sector bodies can be fined up to €25,000 or up to €50,000, and may incur a daily fine of €25 or €50 for each day the violation persists. In addition to the GDPR-style fines, the law stipulates that any person who knowingly provides false information to the DP Authority’s (DPA) investigations or does not comply with a request for an investigation, can be subject to a fine between €1,250 and €50,000 and/or imprisonment for six months.