The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act (Cap 586) regulate the processing of personal data whether held electronically or in manual form. The Research, Policy and Operations Division (RPOD), MSPC, is set to fully comply with the Data Protection Principles as set out in such data protection legislation.
The Research, Policy and Operations Division includes the Office of the Director General, the Policy Development and Programme Implementation Directorate, the Operations Directorate, and the Research and Evaluation Directorate.
Purposes for collecting data
The Research, Policy and Operations Division may collect and process information to carry out its function obligations in accordance with present legislation. All data is collected and processed in accordance with the Data Protection Legislation, the Public Administration Act, and any other relevant legislation underlying the operations of the Division.
Recipients of data
Employees assigned to carry out the functions of the Research, Policy and Operations Division may access personal information. Personal Data will be disclosed solely to authorised officers who require access to fulfil a specific task in compliance with Data Protection Legislation. Disclosure can also be made to third parties in line with existing regulatory provisions.
Your rights
Clients are entitled to know, free of charge, what type of information the Research, Policy and Operations Division holds and processes about them, why this information is required, who has access to it, how it is held and kept up to date, for how long it is kept, and what the Unit is doing to comply with data protection legislation.
GDPR establishes a formal procedure for dealing with access requests by data subjects. All data subjects have the right to access any personal information kept about them by the Research, Policy and Operations Division, either on computer or in manual files. Requests for access to personal information by data subjects are to be made in writing and sent to the Director General, Research, Policy and Operations. You will need to submit your identification details including ID number, name and surname with the request for access. In case of identification difficulties, the client may be required to present an identification document.
The Research, Policy and Operations Division aims to comply as quickly as possible, with requests for access to personal information and will ensure that it is provided within a reasonable timeframe and in any case not later than one month from receipt of request, unless there is an appropriate justification for the delay. When a request for access cannot be met within a reasonable timeframe, the Division will provide an explanation in writing to the data subject making the request. Should there be any data breaches the data subject will be informed accordingly.
All data subjects have the right to request that their information is not used, or that it is amended if it results to be incorrect. Data subjects may also request that their data is deleted. Such requests are to be made in writing to the Data Controller within the Research, Policy and Operations Division.
These rights may be restricted, if applicable, as per Data Protection Legislation.
In case you are not satisfied with the outcome of your access request, you may refer a complaint to the Information and Data Protection Commissioner, whose contact details are provided below.
Retention Policy
Your personal data is collected through the Data Protection Legislation, the Public Administration Act and any other relevant legislation underlying the operations of the Division.
The following schedule outlines the retention requirements for the various categories of documentation within the Research, Policy and Operations Division:
| Category of Document | Retention Period | Justification |
| Office of the Director General | ||
| Copies of HR related documentation (such as Attendance Sheets, Applications for: Telework, Flexitime, Maternity Leave, Study Leave and other special leave) | As per HR Corporate Procedure | Please refer to the HR Corporate Procedures |
| Policy Development and Programme Implementation | ||
| Copies of HR related documentation (such as Attendance Sheets, Applications for: Telework, Flexitime, Maternity Leave, Study Leave and other special leave) | As per HR Corporate Procedure | Please refer to the HR Corporate Procedures |
| Documentation relating to programmes and projects utilising EU Funding, including lists of beneficiaries and client details for payment certification | 5 years after project closure | Copies required for auditing purposes |
| Copies of requisition forms for supplies | 1 year | Endorsed copies kept for verification purposes |
| Operations Directorate | ||
| No personal data is held | ||
| Research and Evaluation Directorate | ||
| No personal data is held | ||
Data that needs to be destroyed after the noted timeframes will be disposed of in an efficient manner ensuring that such information is no longer available within the Research, Policy and Operations Division.
The Data Protection Officer may be contacted on dpdgsp.mspc@gov.mt or by telephone 25903 3220.
The Data Controller for the RPOD, MSPC, may be contacted at:
Palazzo Ferreria, 310, Republic Street
Valletta, VLT2000
Telephone: 25903220
Email: dpdgsp.mspc@gov.mt
The Information and Data Protection Commissioner
The Information and Data Protection Commissioner may be contacted at:
Level 2, Airways House,
High Street,
Sliema SLM 1549
Telephone: 23287100
Email: idpc.info@idpc.org.mt
