Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday.

Welcome to the Gibraltar Regulatory Authority website

GDPR Guidance (5) Data Portability

The General Data Protection Regulation (the “GDPR”) will come into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.

This is the fifth of a series of Guidance Notes that the Gibraltar Regulatory Authority (“GRA”), as the Data Protection Commissioner, will issue in the run up to the 25th May 2018.

This Guidance Note provides general advice on the GDPR’s right of data portability.

The GDPR creates a new right of data portability, which is closely related to the right of access but different in many ways. This new right will allow for data subjects to receive the personal data that they have provided to a data controller, in a structured, commonly used and machine-readable format, and have it transferred to another data controller. Under this new right, the data subject will have more power and control over their own personal data.

Individuals making use of their right of access under the Data Protection Act 2004 were constrained by the format chosen by the data controller when providing the requested information. The new right to data portability aims to empower data subjects regarding their own personal data, as it facilitates their ability to move, copy or transmit personal data easily from one IT environment to another (whether to their own systems, the systems of trusted third parties or those of new data controllers).

Data portability will be an important tool that will support the free flow of personal data between data controllers and therefore, data controllers should start developing and implementing methods which will contribute to answering a data portability request.

The aim of this guidance note is to provide advice on the GDPR’s requirement relating to data portability and assist data controllers to clearly understand their respective obligations. This guidance note includes recommendations on good practice and tools that support compliance with the right to data portability. It also aims to clarify the meaning of data portability in order to enable data subjects to efficiently use their new right.