The General Data Protection Regulation (GDPR) and its implications on Maltese public entities

Abstract

Purpose: The primary objective of this study is to assess the implications of the GDPR on Maltese public entities. Moreover, this study also delves into the differences and similarities emanating from the previous DPD and any areas which the GDPR does not currently cater for. Design: Due to the nature of the researched area a qualitative research methodology approach was adopted. Semi-structured interviews were carried out with the DPO of six different Maltese Public Entities. Findings: The findings brought to light the different implications that emerged through the introduction of this Regulation. Despite the level of awareness and training given, findings seem to indicate that many were still unprepared for what the Regulation actually implied. This Regulation brought about significant adverse effects particularly on data sensitive entities with numerous processes and operations having to be put in place. This was mainly due to the cost and time required for the implementation as well as the complexity of the principles enshrined in the GDPR. Moreover, it also emerged that this Regulation is not perfect and further improvements are required due to a number of grey areas and limitations. Conclusions: As findings have shown, the most effected entities were those retaining vast data and information on their clients and employees, whereby significant changes to their operations had to be implemented. It appears that the majority of the interviewed entities are well-adapted to the requirements imposed by the GDPR and embrace a data privacy corporate culture and only few of the entities are still in the process of meeting compliance. In response to findings, participants pointed out the need for harmonisation with other laws and regulations as this Regulation is seen as a “stand-alone” and so further improvements and modifications are needed. Value: it is essential to analyse and look into the implications that such a regulation brought about as certain limitations can be addressed through improvement in both the Regulation itself and the way it is administered so as to achieve better compliance.