Opening Times

The offices of the Gibraltar Regulatory Authority are open from 9:00am to 5:00pm Monday to Friday


Further to the policy of HM Government of Gibraltar to increase social distancing and slow the spread of COVID-19, attendance at our offices and public counters is possible by prior appointment only. Although we aim to carry out all our regulatory duties electronically, we do understand that this may not be possible for everyone. In such cases, an appointment will be arranged. Please note that a face mask is compulsory when attending our public counter.

In the first instance, please contact our offices by e-mailing or call us on 200 74636 and leave a voicemail message if you are unable to get through and speak to our front desk staff. Voicemail messages are checked very regularly, and a member of our team will get back to you as soon as possible.

We accept requests for licence applications and renewals by e-mail, together with any necessary licence variations if applicable. Payment for these may be effected, preferably, by bank transfer. If this is not possible, card payment via the telephone will also be accepted. Please contact our offices on and a member of our team will direct you to the correct application form on our website. If a paper copy is required, this may also be arranged by calling us on 200 74636. Licences will be scanned and sent by e-mail together with a copy of the receipt. The originals can either be posted or can be held for collection at a prearranged date and time.

Please note that a face mask is compulsory when attending our public counter.

Welcome to the Gibraltar Regulatory Authority website

GDPR Guidance (11) International transfers

The General Data Protection Regulation (the “GDPR”) imposes conditions on transfers of personal data to jurisdictions outside the European Economic Area (the “EEA”) (which includes the European Union).

The purpose of this document is to provide summary guidance on the provisions in Chapter V of the GDPR regarding transfers of personal data to third countries or international organisations. The guidance is useful to a data controller in Gibraltar, as a territory within the EU, to understand its obligations when transferring data outside of the EEA. In the event of a “no-deal” Brexit, this guidance will also be useful to a data controller or processor in Gibraltar as it identifies the mechanisms that may be used to maintain ongoing data flows from the EU/EEA, for example by using ‘ standard contractual clauses’ (“SCCs”).

SCCs are standard sets of contractual terms and conditions, which the sender and the receiver of the personal data both sign up to. They include contractual obligations which help to protect personal data when it leaves the EEA and the protection of the GDPR.

There are two different sets of SCCs, ‘controller to controller’ and ‘controller to processor’, which version to use depends on whether your organisation is receiving the data as a data controller or as a processor.

The template contracts are available below, these include more explanatory notes and guidance.