Data protection
In accordance with the Data Protection Act, Cap 440, the Governor of the Central Bank of Malta is nominated Data Controller under the Act. The Board of Directors is responsible for compliance with the Act while a Data Protection Officer appointed by the Board handles day-to-day matters.
All Central Bank of Malta employees who process personal data must comply with the requirements laid down by this Act. The Central Bank of Malta ensures that the data protection principles listed in the Act are followed and fully implemented. In order to do this, the Bank has also developed an internal Data Protection Policy which must be adhered to by all members of staff when processing personal data.
The Nine Principles of 'good information handling'
Article 7 of the Act lists the requirements for processing, where the main purpose of these principles is to protect the interest of the individuals about whom personal data is processed. To ensure compliance with the Act, the data controller shall ensure that:
- Personal data is processed fairly and lawfully;
- Personal data is always processed in accordance with good practice;
- Personal data is only collected for specific, explicitly stated and legitimate purposes;
- Personal data is not processed for any purpose that is incompatible with that for which the information is collected;
- Personal data that is processed is adequate and relevant in relation to the purposes of the processing;
- No more personal data is processed than is necessary having regard to the purposes of the processing;
- Personal data that is processed is correct and, if necessary, up to date;
- All reasonable measures are taken to complete, correct, block or erase data to the extent that such data is incomplete or incorrect, having regard to the purposes for which it is processed;
- Personal data is not kept for a period longer than is necessary, having regard to the purposes for which it is processed.
Further information on Data Protection principles and legislation may be obtained from the website of the Office of the Information and Data Protection Commissioner.