+356 2124 2822
[email protected]
Mon - Fri 09:00-17:00

The right of access grants individuals(data subjects)the right to obtain a copy of their personal data and other supplementary information from a Data Controller or Data Processor. However, this right is not absolute and the GDPR allows EU Member States to introduce restrictions to this fundamental right through their own national legislation.

Exemptions allow Data Controllers and Data Processors to refuse to provide wholly or in part the information requested by the Data Subject.
Under Maltese law (S.L 586.09) a number of exemptions were introduced each having their own distinct application. Whilst certain exemptions find application due to the nature of the personal data in question, others apply because of the prejudice which may be caused by allowing a right of access to certain information. 

Hence why, it is very important that exemptions are not applied in a blanket fashion and consideration should be given to each data subject access request on a case-by-case basis. Controllers and processors of data need to ensure strict compliance with the law and adherence with the principle of accountability by also having strong documented justifications when relying on such exemptions.  

When an exemption is applied, controllers and processors of data have an obligation to inform the data subjects of the reasons why such exemption was applied and of their right to file a complaint with the IDPC and the facility to seek judicial redress against such a decision.

Whenever possible, controllers and processors of data need to be transparent about the reasons why an exemption was applied, however, in exceptional circumstances in which they are in a position to prove that by being transparent about the reasons why an exemption was applied they would prejudice the purpose of such exemption, their response may be more general.

A breach of the right of access may attract heavy administrative fines besides exposing controllers and processors of data to a claim for damages (including moral) by the data subject.   

Related Posts

Going back to Act One of 2020 – How did the Act amend Malta’s Prevention of Money Laundering Act (PMLA)?

Malta’s legislation is in a constant state of flux, with new legal notices, bills and acts being implemented  everyday. It is significant that we keep up to date with all laws, both the present ones and the past ones,  and to understand how they may affect us accordingly in our...

Legal Privilege

Privilege afforded to communications between a lawyer and his client by the European Court of Justice. The ultimate test which needs to be carried out in respect of whether communications between a lawyer and his client which involves legal advice ought to be legally privileged or otherwise, is to assess...

Comparing the effectiveness of remedies available to Maltese Trade Union members to those of shareholders under Maltese Company Law

ABSTRACT   Maltese Trade Unions have a sui generis legal nature which imbues them with  unique characteristics, features and attributes. The external dealings of Trade  Unions with third parties are both legally regulated and squarely within reach of  the judiciary, but what about their inner dealings? National jurisprudence seems to  suggest...