Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday


Further to the policy of HM Government of Gibraltar to increase social distancing and slow the spread of COVID-19, our offices are closed to the public until further notice. We are working remotely and we will endeavour to assist you in as much as we are able to do so in the circumstances. Please email any enquiries to or call us on 200 74636, leave a voicemail message and a member of our team will get back to you.

We accept requests for licence applications and renewals by email, together with any necessary licence variations if applicable. Payment for these may be effected by bank transfer only. Licences will then be scanned and sent by e-mail together with a copy of the receipt. The originals will be held for collection at a later date when restrictions are lifted, or posted if required. For any queries regarding the renewal of your licence please send an e-mail to

Welcome to the Gibraltar Regulatory Authority website


As part of his duties, the Information Commissioner (the “Commissioner”) conducts investigations on the application of data protection law in Gibraltar. Investigations may be as a result of information obtained that provokes compliance concerns, a complaint lodged or information/complaint referred by another data protection authority or other public authority. Investigations are also undertaken into breach notifications received, with appropriate action taken where necessary and appropriate.

Gibraltar’s data protection legislation was updated and strengthened on 25th May 2018 when the EU General Data Protection Regulation 2016/679 (the “GDPR”) came into force and the Data Protection Act 2004 (the “DPA”) was updated to complement the GDPR and transpose the Law Enforcement Directive 2016/680.

The document below titled “Investigations and Enforcement” provides a table listing all the investigations conducted by the Commissioner since 25th May 2018. Within the table there are short summaries relating to each referenced investigation. These include details of whether the Commissioner took any enforcement action.

The document below titled “Breach Notifications and Enforcement”, provides a table listing only the breach notifications (relating to Article 33 of the GDPR and section 76 of the DPA), received by the Commissioner since the 25th May 2018, in respect of which the Commissioner has taken enforcement action.

Please note that references to the DPA and the GDPR within the below linked documents are relevant to the legislation as defined above.