Malta’s new General Data Protection Regulation (GDPR) will come into effect on 25 May 2018, and when it does it will replace the old Data Protection Directive (DPD). With the new GDPR regulations, Malta will become fully compliant with European data protection guidelines, and personal data will acquire extremely strong protection from potential risks and abuse.
Fundamental elements of the GDPR framework include data portability, by which individuals have the right to move their data from one organisation to another, data breach notification, enhanced security by design and default, enhanced territorial scope, new requirements on entities involved in data processing, the right to be forgotten, Data Protection Impact Assessments, accountability and data governance, and seriously debilitating fines for violations when they happen.
The GDPR regulations should go a long way in protecting individuals from cavalier and depredatory attitudes to their personal data by businesses and corporations. These regulations put added onus on businesses to make the data of their clients as secure as possible and ensure that this data is under the ultimate control of their clients. Moreover, it increases transparency and accountability in all practices related to personal data.
While the greatest beneficiary of the new GDPR framework is the individual, businesses and corporations, despite the undeniable challenges of implementing this framework, still stand to benefit. In particular, given the immense value of data in a global economy that is increasingly digital, these new regulations should provide a major incentive to businesses and corporations to update their infrastructure and practices, and this will lead to increased streamlining and therefore efficiency. Moreover, the adoption of these regulations will endow organisations with extremely effective systems to meet the increasing requirements of transparency and auditability, even in areas of action beyond data protection.
The GDPR should therefore bring great benefits to all stakeholders sharing and processing data. Although the adoption of these regulations by those entities to whom these regulations are applicable is no trivial task, by adopting them they will come to benefit from highly enhanced security and efficiency, thus protecting themselves from black swan events that may have extremely deleterious effects on their operations. Above all, individuals may rest easy that their data will be protected in the most rigorous manner possible.