The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (Cap 586 of the Laws of Malta) regulate the processing of personal data whether held electronically or in manual form. The Malta Information & Technology Agency (MITA) is set to fully comply with the Data Protection Principles as set out in such data protection legislation.
Purposes for collecting data
MITA manages the implementation of IT programmes in Government to enhance public service delivery and provides the infrastructure needed to execute ICT services to Government. MITA is also responsible to propagate further use of ICT in society and economy and to promote and deliver programmes to enhance ICT education and the use of ICT as a learning tool. GMICT Policy.
MITA collects and processes information to carry out its obligations in accordance to the General Data Protection Regulation 2016/679, the Electronic Communications Data Protection Directive 2002/58/EC, the Directive 2016/680, the GMICT Policy, and all applicable laws and regulations relating to the processing of personal data and privacy.
MITA implements appropriate physical, electronic, managerial and disciplinary procedures that protection the information from unauthorised access, the maintenance of data accuracy and the appropriate use of information.
Recipients of data
Personal Information is accessed by MITA employees who are assigned to carry out their functions in accordance to the business process of the Agency. Personal data may also be disclosed to Public Authorities and third parties as authorised by law. The citizen’s rights are safeguarded by the Data Protection legislations, other National laws, as well as by MITA’s internal policies and procedures.
You are entitled to know, free of charge, what type of information the Agency holds and processes about you and why, who has access to it, how it is held and kept up to date, for how long it is kept, and what the Unit is doing to comply with data protection legislation.
The GDPR establishes a formal procedure for dealing with data subject access requests. All data subjects have the right to access any personal information kept about them by MITA, either on computer or in manual files. Requests for access to personal information by data subjects are to be made in writing, or by using MITA’s Data Subject Access Request Form and sent to the MITA’s Data Protection Officer. Your identification details such as ID number, name and surname have to be submitted with the request for access. In case we encounter identification difficulties, you may be required to present an identification document.
MITA aims to comply as quickly as possible with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and in any case not later than one month from receipt of request, unless there is good reason for delay. When a request for access cannot be met within a reasonable time, the reason will be explained in writing to the
data subject making the request. Should there be any data breaches, the data subject will be informed accordingly.
All data subjects have the right to request that their information is amended, erased or not used in the event the data results to be incorrect.
In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.
The Rentention Policy outlines the retention requirements for the various categories of documentation held within MITA.
Data that needs to be destroyed after the noted timeframes will be disposed of in an efficient manner ensuring that such information is no longer available within MITA.
Data Protection Officer
The Data Protection Officer may be contacted at:
Malta Information & Technology Agency
Gattard House, National Road
Blata Il-Bajda 1057
The Information and Data Protection Commissioner
The Information and Data Protection Commissioner may be contacted at:
Level 2, Airways House,
Sliema SLM 1549