Opening Times

The offices of the Gibraltar Regulatory Authority are open Monday to Friday, from 9:00 to 17:00.


Our public counter is open. At first instance, for all queries, please contact our offices by e-mailing or call us on 200 74636. If you are unable to speak to our front desk staff, please leave a voicemail message. These are checked very regularly, and a member of our team will get back to you as soon as possible.

We accept requests for licence applications and renewals by e-mail, together with any necessary licence variations, if applicable. Payment for these may be effected, preferably, by bank transfer. If this is not possible, card payment via the telephone will also be accepted. Please contact our offices on and a member of our team will direct you to the correct application form on our website. If a paper copy is required, this may also be arranged by calling us on 200 74636. Licences will be scanned and sent by e-mail together with a copy of the receipt. The originals can either be posted or can be held for collection at a prearranged date and time.

Welcome to the Gibraltar Regulatory Authority website


Six in ten Internet of Things devices do not properly tell customers how their personal information is being used, an international study has found.

The study was conducted by 25 data protection authorities around the world, including the Gibraltar Regulatory Authority (“GRA”) in its role as Data Protection Commissioner. The study looked at devices like smart sleep systems, internet-connected toothbrushes and watches that monitor health, considering how well companies communicate privacy matters to their customers.

The report showed that:

  • - 59 per cent of devices failed to adequately explain to customers how their personal information was collected, used and disclosed;
  • - 68 per cent failed to properly explain how information was stored;
  • - 72 per cent failed to explain how customers could delete their information off the device, and
  • - 38 per cent failed to include easily identifiable contact details if customers had privacy concerns.

Concerns were also raised around medical devices that sent reports back to General Practitioners via unencrypted email.

The data protection authorities collectively looked at more than 300 devices. Locally, the GRA focused its attention on devices on sale in local shops or on international websites that delivered to Gibraltar. Authorities will now consider action against any devices or services thought to have been breaking data protection laws.

The work was coordinated by the Global Privacy Enforcement Network, and led by the Information Commissioner’s Office in the UK. It follows previous reports on online services for children, website privacy policies and mobile phone apps.

Steven Sanchez, Information Rights Manager at the GRA said:

“There are many Internet of Things devices that have the potential to revolutionise our lives, be it through a toothbrush that monitors how we brush our teeth, an alarm clock that ensures we get the perfect amount of sleep, or a watch that regulates our health as we walk down the street. Whilst the positive elements these devices bring to us are obvious, they will inevitably be collecting and using a constant stream of personal information. Consequently, it is important that companies making these devices are open and clear to their customers in respect of the personal information that they collect, and ensure an appropriate balance is achieved between the enjoyment of these devices and the privacy of those that interact with them.

By working together with other authorities from around the world, it is our hope that this report can raise awareness, and help ensure that Internet of Things devices are enjoyed by all in a responsible manner, with adequate consideration given to the privacy of individuals.”