General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)

Get in Touch with NAME

  • Hidden

The General Data Protection Regulation (GDPR) came into force on 25th May 2018 with the aim of modernising laws that protect personal information of individuals while increasing rights over how people can control such information. CSB Group advises business on these regulations and the implementation of GDPR compliant business practices.

EU Data Protection Reform

In January 2012, the Commission proposed a comprehensive reform of data protection within the European Union framework. Over 4 years in the making, the European Union General Data Protection Regulation (in short referred to as GDPR) was finally approved on 14th April 2016 and published in the European Union Official Journal on 4th May 2016. The Regulation came into force on 25th May 2018 and replaced the previous Data Protection Directive 95/46/EC and all the national laws implementing it. Indeed the GDPR presents the most ambitious and comprehensive changes to data protection rules since the 20-year-old Directive.

The GDPR removed the fragmented system that was previously in place with respect data protection, and established a single law that regulates all data protection matters which law applies directly throughout the European Union territory including Malta. The introduction of these new rules has seen the EU citizens' fundamental rights strengthened and protected.

What are the core changes in Data Protection?

It is highly recommended to look at the key changes that have been put forward through the GDPR in order to understand better the obligations and required implementations within an organisation. Here forth we shall provide an overview of these changes.

Principles of Data Protection

Article 5 of the Regulation expounds in great detail what the data protection principles are. These principals can be summarised as follows:

  • Lawfulness
  • Accountability
  • Storage Limitation
  • Accuracy
  • Fairness
  • Transparency
  • Purpose Limitation
  • Data Minimisation
  • Integrity / Confidentiality

These Data Quality Principles must ALWAYS be adhered to in all cases. However, before one ascertains that all the principles are being complied with, one needs to determine whether the processing of personal data is lawful or not.

Lawful Grounds to Process Data

The GDPR puts a requirement on the processor whereby it is required to identify lawful grounds for the processing of data. The grounds for processing can be divided into six pillars which are:

  • Consent of the data subject.
  • The performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract.
  • The compliance with a legal obligation of the controller.
  • In order to protect the vital interests of the data subject or of another natural person.
    For the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
  • For the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data – particularly children.

How can CSB Group help?

The GDPR puts a requirement on the processor whereby it is required to identify lawful grounds for the processing of data. The grounds for processing can be divided into six pillars which are:

  • Closer glance at the regulatory changes.
  • Expert legal advisory service.
  • Comprehensive understanding on how GDPR shall affect your business operations.
  • Understanding the gaps in compliance and address them accordingly.
  • Recommendations shall be given on what needs to be amended in a business practices and what needs to be implemented to become compliant with the regulation.

Key Contacts

Franklin Cachia

Director - Tax & Regulated Industries



Need our assistance with risk and compliance services?

CSB Group is backed by over 35 years of experience in the business and commercial sphere. We hold the expertise needed to help you with all your risk and compliance obligations.

Smarter business
starts here.

T: +356 2557 2557

F: +356 2557 2558

E: [email protected]