Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday


Further to the policy of HM Government of Gibraltar to increase social distancing and slow the spread of COVID-19, our offices are closed to the public until further notice. We are working remotely and we will endeavour to assist you in as much as we are able to do so in the circumstances. Please email any enquiries to or call us on 200 74636, leave a voicemail message and a member of our team will get back to you.

We accept requests for licence applications and renewals by email, together with any necessary licence variations if applicable. Payment for these may be effected by bank transfer only. Licences will then be scanned and sent by e-mail together with a copy of the receipt. The originals will be held for collection at a later date when restrictions are lifted, or posted if required. For any queries regarding the renewal of your licence please send an e-mail to

Welcome to the Gibraltar Regulatory Authority website


As electronic storage and processing becomes increasingly inexpensive and more accessible, larger amounts of information are being held and processed. This increase in personal data processing, particularly in the online environment, has given rise to new data security challenges, which pose a threat to individuals as well as organisations and society.

It is important to note that data security is important for all, not just big organisations, and that it concerns manual records as well as electronic records. The EU General Data Protection Regulation 2016/679 and the Data Protection Act 2004 require organisations to ensure the “appropriate security” of personal data. What is appropriate depends on the circumstances of the organisation and the data being processed (in particular, consideration should be given to the risks of the processing). The law is thereby flexible to accommodate different types of organisations but clear in that appropriate security measures must be implemented. Ultimately, each organisation is accountable for establishing security measures that are appropriate for their circumstances. In this regard, an evaluation of risks with regards the processing of personal data is important.