Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday

COVID-19 MEASURES

OFFICES & PUBLIC COUNTERS
Further to the policy of HM Government of Gibraltar to increase social distancing and slow the spread of COVID-19, attendance at our offices and public counters is possible by prior appointment only. Although we aim to carry out all our regulatory duties electronically, we do understand that this may not be possible for everyone. In such cases, an appointment will be arranged. Please note that a face mask is compulsory when attending our public counter.

In the first instance, please contact our offices by e-mailing info@gra.gi or call us on 200 74636 and leave a voicemail message if you are unable to get through and speak to our front desk staff. Voicemail messages are checked very regularly, and a member of our team will get back to you as soon as possible.

LICENCES
We accept requests for licence applications and renewals by e-mail, together with any necessary licence variations if applicable. Payment for these may be effected, preferably, by bank transfer. If this is not possible, card payment via the telephone will also be accepted. Please contact our offices on licensing@gra.gi and a member of our team will direct you to the correct application form on our website. If a paper copy is required, this may also be arranged by calling us on 200 74636. Licences will be scanned and sent by e-mail together with a copy of the receipt. The originals can either be posted or can be held for collection at a prearranged date and time.

Please note that a face mask is compulsory when attending our public counter.

Welcome to the Gibraltar Regulatory Authority website

register your DATA PROTECTION officer with the data protection commissioner

The General Data Protection Regulation (“GDPR”) came in to force on the 25th May 2018. The GDPR places emphasis on transparency, security and accountability by data controllers. Its aim is to strengthen rights of individuals to data privacy.

With GDPR comes the newly amended Data Protection Act 2004 (“DPA”) to ensure that Gibraltar’s data protection law falls in line with the requirements of GDPR.

The requirement that existed under the previous legislative regime for data controllers to register their processing operation with the Data Protection Commissioner (“Commissioner”) no longer applies, and this has now been replaced with the Register of Data Protection Officers.

Register of Data Protection Officers

Under section 138 of the newly amended DPA, the Commissioner must establish a register of data protection officers, which shall be available to the public. This requirement falls in line with the requirement under the GDPR for data controllers to appoint a Data Protection Officer (“DPO”) and provide the contact details to the national supervisory authority.

Under the GDPR, certain organisations are required to appoint a designated DPO. Organisations are also required to publish the details of their DPO and provide these details to their national supervisory authority.

An organisation is required to appoint a designated data protection officer where:

  • -the processing is carried out by a public authority or body;
  • -the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale;
  • -the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences;
  • -the organisation is a law enforcement entity and must therefore appoint a DPO as covered by the Law Enforcement Directive; or
  • -finally, an organisation does not meet any of the above requirements, however they voluntarily wish to appoint a DPO

Further guidance on the DPO role is available here.

To notify the Commissioner of your DPO please complete and submit the online form below.

Downloads