Welcome to the Gibraltar Regulatory Authority website

GDPR GUIDANCE (8) GUIDANCE ON PERSONAL DATA BREACH NOTIFICATION

The General Data Protection Regulation (the "GDPR"), which came into force on the 25th May 2018 introduced new requirements in relation to the notification of data breaches to the Commissioner (and/or other data protection authorities) and individuals affected by a breach.

This guidance note provides general guidance on the GDPR’s data breach notification requirements, including –

  •  - examples to assist data controllers determine whether they need to notify a personal data breach;
  •  - a flowchart which illustrates the notification requirements under the GDPR; and
  •  - a data breach notification form for data controllers to use should they be required to notify a personal data breach. 

Downloads