Those caught breaching data protection rules could be slammed with a €10 million fine – up from the current €23,000 – when new rules come into force across the European Union.

This is just one of the provisions of a reform driven mainly by technological development that will see the current directive replaced by a General Data Protection Regulation.

Speaking ahead of the adoption of this regulation, Civil Liberties Minister Helena Dalli yesterday insisted that, while the government encouraged people to use online services and transactions, and while social networking had become an integral part of everyday life, the secure and lawful processing of personal data and the fundamental right to privacy could not be overlooked.

Addressing a Malta Employers’ Association seminar marking International Data Privacy Day, Dr Dalli said the government had a strategy to address the implementation of this regulation by 2018, when it should come into effect in all member states.

The regulation will see a stricter concept of consent. If consent is required by an organisation to deliver a service, the regulation stresses that there has to be a very clear statement indicating that such consent has been provided. It also includes specific rules for children in the case of internet services and parental consent, where authorisation will start being required.

This reform was mainly needed because of technological advances that among others have seen large organisations such as Google and Facebook that are based outside of Europe but which process personal data of those living within the EU. The regulation will contain provisions for the processing of such data, a spokesman from the ministry explained.

Another provision is that of “the right to object”, better known as “the right to be forgotten”. So far, citizens can object to data held and processed by an organisation, however, it is up to them to provide a justification as to why that data should no longer be held.

Through the regulation, the onus of justifying the keeping of, or processing of that data, will fall on the organisation. One of the most discussed provisions is the one referring to administrative fines. Citizens will be reassured of stricter procedures considering that fines for breaches of the regulation could be as high as €10 million, the spokesman noted.

This is substantially higher than the maximum fine within the Maltese context currently standing at €23,000.

Meanwhile, the regulation will also bring uniformity as citizens who feel aggrieved through the actions of an organisation located outside of their country can approach their national data protection authority. The latter will be in constant liaison with its counterpart in the country where the breach was performed.

Sign up to our free newsletters

Get the best updates straight to your inbox:
Please select at least one mailing list.

You can unsubscribe at any time by clicking the link in the footer of our emails. We use Mailchimp as our marketing platform. By subscribing, you acknowledge that your information will be transferred to Mailchimp for processing.