Welcome to the Gibraltar Regulatory Authority website

GDPR GUIDANCE (7) GUIDANCE FOR SMES

The General Data Protection Regulation (the "GDPR") came into force on the 25th May 2018, and whilst it brought about changes that reflect the increased importance of data protection in society, many of the main concepts and principles remain the same as the existing data protection framework. The GDPR does however, introduce new elements and significant enhancements, which will require detailed consideration. The GDPR emphasises transparency, security and accountability by organisations, while at the same time standardising and strengthening the privacy rights of European citizens.

This is the seventh of a series of Guidance Notes that the Gibraltar Regulatory Authority, as the Information Commissioner, has issued.

This guidance note provides general guidance on how to help SMEs become GDPR-compliant. It includes a ‘Personal Data Inventory Tool, a ‘Readiness Assessment Checklist’ and a ‘Data Protection Policy Guide’ designed to assist, particularly the small and medium sized enterprises (SMEs), who may not have access to extensive planning and legal resources.

Downloads