Welcome to the Gibraltar Regulatory Authority website
GUIDANCE FOR DATA CONTROLLERS
The following is a list of documents that provide guidance on data protection for organisations. Some documents provide general guidance whilst others focus on specific topics such as an individual’s right to access their personal data (Subject Access Requests) and the use of CCTV.
Note: The guidance in this section of the website relates to the data protection regime in place prior to the introduction of the General Data Protection Regulation (“GDPR”) and resulting changes to the Data Protection Act 2004 in May 2018. Some of the guidance remains relevant and useful, however organisations and individuals must be mindful of the changes in the law and that the guidance in this page has not been updated.
For updated guidance please visit https://www.gra.gi/data-protection/general-data-protection-regulation
-
Guidance Dealing With SAR
Published: 17/09/2010
-
Data protection guidance for EU Referendum campaign groups
Published: 13/04/2016
-
Requests To Obtain Certificates Of Good Conduct
Published: 28/05/2013
-
Use Of Cookies In Websites
Published: 17/05/2012
-
Opinions Given In Confidence
Published: 21/01/2010
-
Monitoring Of Staff
Published: 06/11/2008
-
A Guide For Business, Organisations & Public Bodies
Published: 04/12/2007
-
CCTV Systems
Published: 04/12/2007
-
Transfer Of Personal Data Outside Of Gibraltar
Published: 04/12/2007
-
Dealing With Subject Access Requests
Published: 04/12/2007
-
Standard Model Clause
Published: 04/12/2007
-
Are You A Data Controller Or Data Processor?
Published: 04/12/2007
-
Assess Your Own Dp Policy
Published: 04/12/2007
-
Pre-Employment Vetting
Published: 10/12/2001