Data Protection Policy

The processing of personal data is regulated by the General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Chapter 586 of the Laws of Malta). The NAB-MALTA is set to fully comply with the Data Protection Principles as set in these data protection legislation. 


For the purpose of the NAB-MALTA Data Protection Policy, the definitions as per the GDPR will apply: 

(1) ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;1 

(2) ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;1 

1Regulation (EU) 2016/679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (2016) OJ L 119/1 


Purposes for collecting and processing data 

The NAB-MALTA collects and processes information to fulfil its obligations in accordance with the present legislation. The data is collected and processed in accordance with the aforementioned Data Protection Legislation, and other applicable legislation regulating the NAB-MALTA 


Recipients of data 

Personal information is accessed by the employees who are assigned to carry out the functions of the NAB-MALTA. Data can be disclosed to relevant third parties as authorised by law.  


Your rights 

You are entitled to know, free of charge, what type of information the NAB-MALTA holds and processes about you and why, who has access to the data, how it is held and kept up to date, its retention period, and what the NAB-MALTA is doing for complains with data protection legislation.  


A formal procedure for dealing with data subject access requests is established by the GDPR. Data subjects can make requests for access to personal information kept by the NAB-MALTA, either on computer or in manual files, by sending request in writing on The request for access shall include your identification details including ID number, name and surname. An identification document may be requested to be presented. 


The NAB-MALTA intends to reply to requests for access to personal information as soon as possible, within a reasonable timeframe. Unless there is a valid reason for delay, reply will be provided by not later than one month from receipt of request. In case the request for access cannot be met within a reasonable timeframe, the reason will be provided to the data subject making the request. Should there be any data breaches, the data subject will be informed.  


The data subjects have the right to request that their personal information is amended, erased, or not used if the data results to be incorrect.  


If you are not satisfied with the result of the request for access, a complaint may be made to the Information and Data Protection Commissioner. Information on how to lodge a complaint can be found on the IDPC website: 


Contact Details 

The Data Protection Officer may be contacted on or by telephone on +356 23952725.