Opening Times

The offices of the Gibraltar Regulatory Authority are open Monday to Friday, from 9:00 to 17:00.


Our public counter is open. At first instance, for all queries, please contact our offices by e-mailing or call us on 200 74636. If you are unable to speak to our front desk staff, please leave a voicemail message. These are checked very regularly, and a member of our team will get back to you as soon as possible.

We accept requests for licence applications and renewals by e-mail, together with any necessary licence variations, if applicable. Payment for these may be effected, preferably, by bank transfer. If this is not possible, card payment via the telephone will also be accepted. Please contact our offices on and a member of our team will direct you to the correct application form on our website. If a paper copy is required, this may also be arranged by calling us on 200 74636. Licences will be scanned and sent by e-mail together with a copy of the receipt. The originals can either be posted or can be held for collection at a prearranged date and time.

Welcome to the Gibraltar Regulatory Authority website


As part of his duties, the Information Commissioner (the “Commissioner”) conducts investigations on the application of data protection law in Gibraltar. Investigations may be as a result of information obtained that provokes compliance concerns, a complaint lodged or information/complaint referred by another data protection authority or other public authority. Investigations are also undertaken into breach notifications received, with appropriate action taken where necessary and appropriate.

Gibraltar’s data protection legislation was updated and strengthened on 25th May 2018 when the EU General Data Protection Regulation 2016/679 (the “GDPR”) came into force and the Data Protection Act 2004 (the “DPA”) was updated to complement the GDPR and transpose the Law Enforcement Directive 2016/680.

The document below titled “Investigations and Enforcement” provides a table listing all the investigations conducted by the Commissioner since 25th May 2018. Within the table there are short summaries relating to each referenced investigation. These include details of whether the Commissioner took any enforcement action.

The document below titled “Breach Notifications and Enforcement”, provides a table listing only the breach notifications (relating to Article 33 of the GDPR and section 76 of the DPA), received by the Commissioner since the 25th May 2018, in respect of which the Commissioner has taken enforcement action.

Please note that references to the DPA and the GDPR within the below linked documents are relevant to the legislation as defined above.