Welcome to the Gibraltar Regulatory Authority website
DATA PROTECTION INTRODUCTION
What is Data Protection?
The term “Data Protection” relates to the processes and controls used to safeguard information about individuals and their privacy. In Gibraltar, the Data Protection Act 2004 is the law that governs how organisations (both private and public) should use information about individuals. It includes the rules that organisations must follow and the Rights that individuals have in respect of information about them e.g. the Right of access to your personal data.
When does the Data Protection Act 2004 apply?
The law applies whenever an organisation processes (e.g. stores, collects, transmits, uses etc.) information that relates to a person such as a person’s name, DOB, their hobbies, comments about their performance, location, etc.
What we do?
Under the Data Protection Act 2004, the Gibraltar Regulatory Authority is nominated as the Data Protection Commissioner. The Gibraltar Regulatory Authority is thereby the independent statutory body responsible for the enforcement of the Data Protection Act 2004, and carries out the functions assigned to it, to uphold the rights of individuals and their privacy. Amongst other things, this includes the provision of advice on data protection related matters and the investigation of complaints, as well as raising awareness on privacy issues.