The website is maintained and managed by the National Statistics Office of Malta (NSO).
The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (Cap 586 of the Laws of Malta) regulate the processing of personal data whether held electronically or in manual form. The NSO is set to fully comply with the data protection principles as set out in the Data Protection legislation.
Personal Data Collected and GDPR
The National Statistics Office (NSO) is responsible for the collection, compilation, analysis and publication of a wide range of statistical information and related matters. It is also the entity responsible for the Census of Population and Housing, a nationwide project carried out every 10 years.
Information provided to the NSO is treated as confidential. This information is used solely in the compilation of statistical reports. No information on individual returns can be given to any external public or private entity.
The NSO, as an Office set up by the Malta Statistics Authority Act, aims to comply with both national and European Data Protection and statistical legislation, the said Act – Chapter 422 of the Laws of Malta, the General Data Protection Regulation (GDPR) and the Data Protection Act – Chapter 586 of the Laws of Malta. The basic principles by which the NSO processes the personal data of the public, business partners and other individuals are set out in the Personal Data Protection Policy, which also indicates the responsibilities of its business departments and employees while processing personal data.
NSO implements appropriate physical, electronic, managerial and disciplinary procedures that protects the information from unauthorised access, the maintenance of data accuracy and the appropriate use of information.
NSO is obliged to ensure that all its processes, including data collection, respect the confidentiality of the individual, household and/or entity and all data published cannot divulge the identity directly or indirectly unless prior consent is obtained from the individual, household and/or entity. Data is handled on a need to know basis even within the Office and access is given to the persons working on datasets only.
All officers of statistics working at NSO undertake the oath of secrecy as prescribed by the Malta Statistics Authority Act. The oath places added legal responsibility on the officers of statistics to make appropriate use of the data being handled.
The data protection principles outline the basic responsibilities for handling personal data. Article 5(2) of the GDPR stipulates that “the controller shall be responsible for and be able to demonstrate compliance with the principles.” The GDPR recognizes the importance of statistics and introduces ‘statistical purposes’ as a basis to allow a number of derogations which are also mirrored in the newly enacted Data Protection Act (Cap. 586 of the Laws of Malta) in order to allow NSO carry its legal obligations.
The derogations allow NSO to not grant to the data subject: right of access, right of rectification, right to erasure (right to be forgotten), right to restriction of processing, right to data portability and right to object. These derogations apply when the NSO deems that granting them would render impossible or seriously impair its achievements, and that they are necessary to fulfill its purposes.
The purposes, methods, storage limitation and retention period of personal data must be consistent with the Information Classification and Handling Procedure and with the Data Retention Policy. The accuracy, integrity, confidentiality and relevance of personal data based on the processing purpose must always be maintained. Adequate security mechanisms designed to protect personal data must be used to prevent personal data from being stolen, misused, or abused, and prevent personal data breaches. Such measures are described within the Anonymisation and Pseudonymisation Policy.
Whenever a third party is used to process personal data, the DPO will ensure that this processor provides security measures that are appropriate to the associated risks to safeguard personal data.
When the NSO learns of a suspected or actual personal data breach, the DPO will carry out an internal investigation and take appropriate remedial measures in a timely manner, according to the Data Breach Response and Notification Procedure. Where there is any risk to the rights and freedoms of data subjects, the NSO will notify the relevant Data Protection Commissioner without undue delay and, when possible, within 72 hours.
The Data Protection Officer of the NSO may be contacted at:
Dr Sarah Jane Meli
National Statistics Office
Lascaris, Valletta VLT 2000
Email: [email protected]
What is a cookie?
A cookie is a small piece of data that a website asks your browser to store as text strings on your computer’s hard-disk. All cookies are set with expiry dates which determine how long they reside on your browser. Generally, cookies can be removed automatically after the lapse of the expiry date or else can be deleted manually by the user.
You can delete all cookies that are already on your device by clearing the browsing history of your browser. The cookies from all websites you have visited will be removed. However, be aware that you may also lose some saved information like saved login details and site preferences.
Embedded content from other websites
Some of our pages display content from external provided (e.g. You tube, Facebook, and LinkedIn). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.