Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday.

Welcome to the Gibraltar Regulatory Authority website

Data Sharing Code of Practice

The Data Protection Commissioner (the “Commissioner”) recognises that under the right circumstances and for the right reasons, data sharing between organisations can be beneficial to society and individuals. In every case, the citizens’ rights under the Data Protection Act 2004 (“DPA”) must be respected and organisations have to comply with their obligations under the DPA.

It is important for organisations to understand what can be done legally, and what cannot be done. This will help individuals and organisations from being disadvantaged as a result of excessive caution or carelessness in disclosure. It is important to note that where unjustified disclosures occur, serious harm to individuals and society may be caused. The responsible sharing of information is in the interest of the public in general, as well as in the interest of the individuals and organisations involved.

Individuals expect their information to be handled responsibly in accordance with the law. Amongst other things, this requires individuals to be informed about how their information is being used, including any disclosures. This code of practice provides good practice for the sharing of personal data and delivers a general framework, which organisations can use to develop their own data sharing agreements. Each organisation must adapt it in accordance with their circumstances, taking into account the nature of the data involved and type of data sharing e.g. frequency (ad hoc or routine), electronic/hard copies, etc.

Adopting the recommendations in this code of practice, will help organisations operate in a compliant manner and avoid the operation of insecure data sharing arrangements that can be detrimental to society and individuals, and generate public distrust.