
What Is A Data Breach?

Insights

08/04/2020

Last week, the Office of the Information and Data Protection Commissioner (“IDPC”) launched an investigation into a leak of a large volume of personal data by a local IT company. But what is a “data breach” and when do the obligations to notify kick in?

A controller of personal data is bound to implement organisational and technical measures to ensure that, by default, only personal data which is necessary for each specific purpose of the processing is processed, and that personal data is not made accessible without the individual’s intervention to an indefinite number of persons. This means that systems need to have data protection by design. But even with systems in place, data breaches may occur. This may be due to a cyber or ransomware attack, but also when an employee sends personal information to the wrong person, or when a device, such as a laptop, that contains personal information is lost. When personal data is breached, the controller needs to consider its compliance requirements.

Article 4 of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) defines a personal data breach as “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed”. When a data breach occurs, Article 33 of the GDPR requires a data controller to notify the supervisory authority (which in Malta is the IDPC) without undue delay and not later than 72 hours after having become aware of it. The notification may be done online on the IDPC’s website. Where a data breach is of high risk to data subjects, the controller must also notify the affected data subjects. The notification may not be required in those cases where the controller determines that the breach is unlikely to result in a risk to the rights and freedoms of data subjects.

The Article 29 Working Party adopted “Guidelines on Personal data breach notification under Regulation 2016/679” in February 2018, which can assist controllers in managing a data breach notification. To ensure adherence to these obligations, it is important for data controllers to have a Data Protection Officer (either in-house or contracted) and to have adequate processes in place between them and their processors, so that a data breach is properly reported, the breach is assessed, and the notification requirements are met within the legal timeframe.

For more information on this topic please contact us on: [email protected]

© 2026 FFF Legal
