Archived Gibraltar Regulatory Authority website


As from January 2004 Gibraltar has had its own data protection law - the Data Protection Act 2004.

The Data Protection Act affects a wide range of businesses, organisations and public bodies. Its central aim is to ensure that information held about people is accurate and that people know how information about them is being used. To achieve this it places responsibilities on persons who control information and gives rights to people about whom information is kept.

This guide aims to assist businesses, organisations and public bodies to prepare for their new responsibilities. It sets out:

who has responsibilities under the Act,

what are the key responsibilities,

who needs to register with the Data Protection Commissioner,

information about transferring data outside Gibraltar,

where you can get more advice.

This guide is for general information only. It is not legal advice or a definitive statement of the law and does not include detailed information about the legal provisions of the Act.


Latest Updates