Welcome to the Gibraltar Regulatory Authority website

GDPR Guidance (12) Data Protection and Brexit for Law Enforcement Processing

As per sections 39 and 40 of the Data Protection Act 2004 (the “DPA”), the processing of personal data by a Law Enforcement Authority (“LEA”) for “law enforcement purposes” is regulated by Part III of the DPA, not the General Data Protection Regulation.

This guidance note highlights the five steps LEAs can take to prepare for data protection compliance if Gibraltar leaves the EU without a deal.

If you are not an LEA, or you are an LEA processing for non-law enforcement purposes (e.g. HR records), refer to our separate Guidance Note namely  “Getting Ready for Brexit”.

Downloads