Welcome to the Gibraltar Regulatory Authority website

Data Protection Commissioner prosecutes first ever case under the Data Protection Act

Following a complaint regarding the refusal to supply personal data following a subject access request, the Data Protection Commissioner has successfully prosecuted Oxford Learning College, a local company, for failure to comply with the Data Protection Act.

The matter stems back to the beginning of the year where an investigation was commenced after having received a complaint about Oxford Learning College. The complaint revolved around the failure to provide an individual with the information that was being held about him, which, in accordance with the Data Protection Act, had to be disclosed. 

During the investigation, it was found that Oxford Learning College had in fact deleted the information in question after the subject access request had been made to it, thus putting itself in a position where it could no longer comply with the request.

“Whilst the role of the Data Protection Commissioner is to ensure compliance via his enforcement powers, in this case the matter could not be resolved and so, I decided that the company should be prosecuted for the offence committed”, said Data Protection Commissioner Mr Paul Canessa.

Oxford Learning College pleaded guilty in the Magistrates Court and was fined £1,000 for failure to comply with a subject access request. The Stipendiary Magistrate recognised that the Data Protection Act imposes a serious responsibility on data controllers and that they should be aware of what they are doing with regards to the personal data they process.

To see the full document, please download it on the link below.