
Data Privacy – five years on from the introduction of GDPR

General Data Protection Regulation (GDPR). Remember that? It’s hard to believe that nearly five years have passed since our inboxes were flooded with messages from all sorts of organisations asking us to resubscribe to newsletters and to agree to new privacy policies.

As we mark Data Privacy Day on 28 January, it’s good to remind ourselves of what GDPR required organisations that process personal data to do. It’s also a good opportunity to highlight how MeDirect continues to ensure it adheres to the regulation’s responsibilities both towards customers and employees.

Let’s begin by recapping the seven main principles that underpin the GDPR legislation. Briefly, these are that personal data should be:

  • processed lawfully, fairly and transparently;
  • used for limited purposes;
  • kept to a minimum;
  • accurate;
  • kept confidential; and
  • secure.

In addition, the data controller within any organisation is responsible for, and needs to be able to demonstrate compliance with, these principles.

The objectives of GDPR are impossible to argue against. In a data-driven society, protecting privacy is paramount. Implementation, of course, can always prove more challenging. At MeDirect we continue to focus on a twin-track approach of investing in technology and in our human resources to meet our obligations.

As Malta’s first digital bank, much of the personal information we collect on customers is done through our secure website and mobile app. The security of these platforms, and the way in which data collected from them is managed, are a constant focus for our Tech teams.

The input of our legal and compliance departments is also very important to ensure we only collect the information we need to be able to offer customers the financial services they are looking for, while at the same time complying with all other relevant banking regulations. Systems are important but so is teamwork. 

This teamwork across the bank also comes into play when processing the personal data of employees. MeDirect is a large organisation with more than 300 colleagues, spread across multiple locations and with many opting to work remotely. Together with our colleagues in Human Resources, we regularly review both our technology and procedures to ensure the data held is necessary and safe.

One of the biggest challenges any organisation faces when it comes to protecting personal data is minimising the risks posed by human error. We all know about emails where the addresses are listed in the ‘To’ field rather than the ‘BCC’ one or about photos posted on social media which reveal personal information.

Of course, mistakes are always going to happen, but they are more likely to happen when a false sense of security takes hold. That’s why, at MeDirect, we make it a point to conduct regular training and provide periodic reminders to all our employees about the importance of being diligent when handling information about customers or colleagues. We also emphasize the necessity to report any potential breaches in compliance with our regulatory requirements. Marking Data Privacy Day is an important part of this ongoing awareness effort.

GDPR may no longer be in the limelight, but its importance remains undiminished. Continuous training and reviews of systems and technology are necessary but so is encouraging a culture of integrity, transparency and trust across the whole Bank. It is teamwork that really underpins MeDirect’s GDPR compliance.

MeDirect Bank (Malta) plc, company registration number C34125, is licensed to undertake the business of banking in terms of the Banking Act (Cap. 371) and investment services under the Investment Services Act (Cap. 370). MeDirect Bank (Malta) plc is regulated by the Malta Financial Services Authority as a Credit Institution under the Banking Act 1994.
