Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday.

Closure of Public Counter

In order to manage the risk of cross-contamination in our community, the Gibraltar Regulatory Authority is closing its public counter as from 3pm on Monday 16th March 2020, to stop the spread of infection via physical payment by exchange of cash or card, and in order to avoid social contact in queues. All payments may be made by bank transfer. Cash payments or payments in person will not be accepted or handled as from this date.

Please send any enquiries to and we will endeavour to assist you in as much as we are able to in the circumstances. At the moment, the GRA is minimising the amount of staff working at its premises at any one time and so, there may be instances where we will not be able to carry out some services in their entirety. We appreciate your understanding.

Welcome to the Gibraltar Regulatory Authority website


As electronic storage and processing becomes increasingly inexpensive and more accessible, larger amounts of information are being held and processed. This increase in personal data processing, particularly in the online environment, has given rise to new data security challenges, which pose a threat to individuals as well as organisations and society.

It is important to note that data security is important for all, not just big organisations, and that it concerns manual records as well as electronic records. The EU General Data Protection Regulation 2016/679 and the Data Protection Act 2004 require organisations to ensure the “appropriate security” of personal data. What is appropriate depends on the circumstances of the organisation and the data being processed (in particular, consideration should be given to the risks of the processing). The law is thereby flexible to accommodate different types of organisations but clear in that appropriate security measures must be implemented. Ultimately, each organisation is accountable for establishing security measures that are appropriate for their circumstances. In this regard, an evaluation of risks with regards the processing of personal data is important.