Opening Times

The offices of the Gibraltar Regulatory Authority are open Monday to Friday, from 9:00 to 17:00.


Our public counter is open. At first instance, for all queries, please contact our offices by e-mailing or call us on 200 74636. If you are unable to speak to our front desk staff, please leave a voicemail message. These are checked very regularly, and a member of our team will get back to you as soon as possible.

We accept requests for licence applications and renewals by e-mail, together with any necessary licence variations, if applicable. Payment for these may be effected, preferably, by bank transfer. If this is not possible, card payment via the telephone will also be accepted. Please contact our offices on and a member of our team will direct you to the correct application form on our website. If a paper copy is required, this may also be arranged by calling us on 200 74636. Licences will be scanned and sent by e-mail together with a copy of the receipt. The originals can either be posted or can be held for collection at a prearranged date and time.

Welcome to the Gibraltar Regulatory Authority website


As electronic storage and processing becomes increasingly inexpensive and more accessible, larger amounts of information are being held and processed. This increase in personal data processing, particularly in the online environment, has given rise to new data security challenges, which pose a threat to individuals as well as organisations and society.

It is important to note that data security is important for all, not just big organisations, and that it concerns manual records as well as electronic records. The EU General Data Protection Regulation 2016/679 and the Data Protection Act 2004 require organisations to ensure the “appropriate security” of personal data. What is appropriate depends on the circumstances of the organisation and the data being processed (in particular, consideration should be given to the risks of the processing). The law is thereby flexible to accommodate different types of organisations but clear in that appropriate security measures must be implemented. Ultimately, each organisation is accountable for establishing security measures that are appropriate for their circumstances. In this regard, an evaluation of risks with regards the processing of personal data is important.