Today the Gibraltar Regulatory Authority (“GRA”), as the Information Commissioner, has published the seventh guidance note on the European Union’s General Data Protection Regulation (“GDPR”) and Gibraltar’s Data Protection Act 2004 (“DPA”).
Being a small business doesn’t mean that you fall outside of the scope of the GDPR and the DPA. All companies, regardless of their size, have data protection obligations. However, the law is flexible and the standards that organisations implement should be proportionate to their data processing.
To see the full document, please download it on the link below.