Royal Gibraltar Police Fined for Data Protection Breaches

The Information Commissioner has issued the Royal Gibraltar Police (“RGP”) with a fine of £10,000 following various breaches of the Data Protection Act 2004 and the EU General Data Protection Regulation 2016/679, as the applicable law at material times relating to the matter. The breach relates to personal data held by the RGP, including data relating to current and previous employees, as well as information relating to law enforcement matters. The Information Commissioner was notified of the breach by the RGP, in line with their obligations under Part III, Chapter 4, Section 76 of the DPA, which requires notification to the Information Commissioner where a personal data breach is likely to result in a risk to the rights and freedoms of individuals.