As the General Data Protection Regulation (GDPR) comes into force today, GRTU Malta Chamber of SMEs would like to note that whilst supporting the rights of citizens and the importance to protect their personal data, we need to give more times for fuller implementation by businesses.
The aim of the GDPR is to bring all member states in line under one common regulation. The GDPR increases privacy for individuals and aims to ensure that personal data gathered is gathered lawfully and with the individuals’ full consent. The new regulation also gives regulatory authorities more power to act on those who do not comply. In this regard, local authorities can now impose harsher fines with up to 4% of annual turnover or Euro 20 million, whichever is greater.
In order to prepare its members for this regulation and in light of the serious implications this regulation brings about, GRTU has for the past months organised a number of information sessions, seminars and conferences for its members. Through these seminars, members where given the the necessary information and tools to bring their business in line with this regulation.
GRTU however notes that the GDPR is unfortunately not the easiest legislation to comply to. It is cumbersome in many ways, failing to make a distinction between SMEs and larger organisations. Moreover this regulation is also very subjective and in many ways open to interpretation.
Although GRTU believes that its members are doing their best to comply with this regulation, one cannot expect business to become fully compliant right from the start.
GRTU joins the rest of EU employer organisations, and encourages local enforcement authorities to guide above all and give out warnings rather than impose fines, during the first year of implementation. This is being proposed with full respect toward EU and local legislation and without the aim of undermining such legislation.
GRTU will remain available to assist its members throughout the process.