The General Data Protection Regulation (GDPR) - KPMG Malta

Privacy: A Shifting Landscape

The General Data Protection Regulation (GDPR)

Eric Muscat

Partner, IT Advisory

KPMG in Malta



The EU General Data Protection Regulation (GDPR) was approved by the EU Parliament on 14 April 2016. This regulation is set to significantly change the Privacy landscape in Europe and beyond once it comes into force on 25 May 2018.

Regulators will be given the power to fine organisations up to 4% of global annual turnover. This alone is set to escalate Privacy and Data Protection to being a top ten risk for most organisations.

In addition to increased fines, the GDPR also introduces a range of complex requirements that organisations will need to adhere to.  Time is running out for the implementation of potentially significant changes and organisations need to act now.


What is Privacy and why is it important?

  • Privacy laws protect the rights of individuals, specifying how organisations can lawfully collect, use, retain and disclose Personal Information (PI) – i.e. information that can identify a living person.
  • Leveraging PI enables organisations to create significant value, delivering more tailored and timely services to customers. It is the lifeblood of businesses and its protection is key.
  • Ongoing digitisation increases the volume of PI processed within an organisation; there is more at stake than ever before.
  • Organisations rely on the trust placed in them by customers and partners; if they are to achieve their objectives, the processing and protection of PI, in the right way, is crucial.


What questions should organisations be asking?

  • Do we understand the Privacy risks we face?
  • Do we fully understand the current and future Privacy regulations and what we need to do to manage the risks these introduce?
  • Do we know what PI we hold, where it is stored and what it is used for?
  • Are we building Privacy controls into our digitisation programmes from the ground up?
  • Do we have the resources and capability to implement the Privacy controls?


How can KPMG help?

Our Privacy Management Framework is used as the foundation for delivering a range of services, including:

Assessment: Performing a Privacy Maturity Assessment to understand the effectiveness of existing Privacy controls.

Design: Defining the desired state Privacy maturity and building a roadmap to enable the organisation to reach it.

Implementation: Supporting the implementation of pragmatic, robust and fit-for-purpose Privacy controls.

Monitoring: Performing recurring reviews to verify that the defined Privacy controls continue to operate as designed.



Read more about key differences between Malta Data Protection Act and the GDPR changes here.

© 2019 KPMG, a Malta civil partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved.
