Welcome to the Gibraltar Regulatory Authority website

Data Sharing Code of Practice

Under the right circumstances and for the right reasons, data sharing between organisations can be beneficial to society and individuals. For that reason, today the Gibraltar Regulatory Authority (“GRA”), as the Data Protection Commissioner, has published a Code of Practice for data sharing (the “Code of Practice”).

It is important for organisations to understand what can be done legally, and what cannot be done when considering sharing personal data. The Code of Practice aims to help individuals and organisations from being disadvantaged as a result of excessive caution or carelessness in disclosure. Where unjustified disclosures occur, serious harm to individuals and society may be caused. In such circumstances, the citizens’ rights under the Data Protection Act 2004 (“DPA”) must be respected and organisations have to comply with their obligations under the DPA.

This document provides good practice for the sharing of personal data and delivers a general framework, which organisations can use to develop their own data sharing agreements. Each organisation must adapt it in accordance with their circumstances, taking into account the nature of the data involved and type of data sharing.

To see the full document, please download it on the link below.