Opening Times

The offices of the Gibraltar Regulatory Authority are open Monday to Friday, from 9:00 to 17:00.


Our public counter is open. At first instance, for all queries, please contact our offices by e-mailing or call us on 200 74636. If you are unable to speak to our front desk staff, please leave a voicemail message. These are checked very regularly, and a member of our team will get back to you as soon as possible.

We accept requests for licence applications and renewals by e-mail, together with any necessary licence variations, if applicable. Payment for these may be effected, preferably, by bank transfer. If this is not possible, card payment via the telephone will also be accepted. Please contact our offices on and a member of our team will direct you to the correct application form on our website. If a paper copy is required, this may also be arranged by calling us on 200 74636. Licences will be scanned and sent by e-mail together with a copy of the receipt. The originals can either be posted or can be held for collection at a prearranged date and time.

Welcome to the Gibraltar Regulatory Authority website

GDPR Guidance (2) Lead Supervisory Authority

The General Data Protection Regulation (the “GDPR”) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.

This is the second document in a series of Guidance Notes that the Gibraltar Regulatory Authority (“GRA”), as the Data Protection Commissioner, will issue in the run up to the 25th May 2018.

This Guidance Note provides general advice on the Lead Supervisory Authority principle, which is introduced in the GDPR.

Currently, organisations who have establishments in one or more EU Member States may be subject to different data protection laws and enforcement approaches. Going forward, under the GDPR, organisations with several establishments in the EU can benefit from the Lead Supervisory Authority principle and only have to report to one
Supervisory Authority i.e. the Lead Supervisory Authority. This is also known as the “one-stop-shop” mechanism, which allows for a more cost-effective approach and is seen as a solution to the problems faced by organisations who operate across multiple EU Member States.

In the following, the GRA provides advice on the GDPR’s Lead Supervisory Authority principle.