Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday


Further to the policy of HM Government of Gibraltar to increase social distancing and slow the spread of COVID-19, our offices are closed to the public until further notice. We are working remotely and we will endeavour to assist you in as much as we are able to do so in the circumstances. Please email any enquiries to or call us on 200 74636, leave a voicemail message and a member of our team will get back to you.

We accept requests for licence applications and renewals by email, together with any necessary licence variations if applicable. Payment for these may be effected by bank transfer only. Licences will then be scanned and sent by e-mail together with a copy of the receipt. The originals will be held for collection at a later date when restrictions are lifted, or posted if required. For any queries regarding the renewal of your licence please send an e-mail to

Welcome to the Gibraltar Regulatory Authority website

GDPR Guidance (5) Data Portability

The General Data Protection Regulation (the “GDPR”) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.

This is the fifth of a series of Guidance Notes that the Gibraltar Regulatory Authority (“GRA”), as the Data Protection Commissioner, will issue in the run up to the 25th May 2018.

This Guidance Note provides general advice on the GDPR’s right of data portability.

The GDPR creates a new right of data portability, which is closely related to the right of access but different in many ways. This new right will allow for data subjects to receive the personal data that they have provided to a data controller, in a structured, commonly used and machine-readable format, and have it transferred to another data controller. Under this new right, the data subject will have more power and control over their own personal data.

Individuals making use of their right of access under the Data Protection Act 2004 were constrained by the format chosen by the data controller when providing the requested information. The new right to data portability aims to empower data subjects regarding their own personal data, as it facilitates their ability to move, copy or transmit personal data easily from one IT environment to another (whether to their own systems, the systems of trusted third parties or those of new data controllers).

Data portability will be an important tool that will support the free flow of personal data between data controllers and therefore, data controllers should start developing and implementing methods which will contribute to answering a data portability request.

The aim of this guidance note is to provide advice on the GDPR’s requirement relating to data portability and assist data controllers to clearly understand their respective obligations. This guidance note includes recommendations on good practice and tools that support compliance with the right to data portability. It also aims to clarify the meaning of data portability in order to enable data subjects to efficiently use their new right.