Today the Gibraltar Regulatory Authority (“GRA”), as the Data Protection Commissioner, has published its second guidance note on the European Union’s General Data Protection Regulation (“GDPR”), which will come into force in Gibraltar on the 25th May 2018.

The introduction of the GDPR will represent a significant development in data protection law, with new or revised requirements e.g. concerning the appointment of staff to ensure data protection compliance, easier rights of access to data, and notification of data breaches to individuals. Organisations (both private and public) need to make sure that they are ready before the new law comes into effect in May 2018.

The GRA is the nominated authority responsible for the enforcement of the data protection law in Gibraltar, and carries out the functions assigned to it to uphold the rights of individuals and their privacy. As part of its efforts to promote data protection compliance and good practice, the GRA has set out to issue a set of guidance notes aimed at helping organisations improve their practices and prepare for the GDPR.

The guidance note published today, is the second in a series that the GRA will issue in the run-up to May 2018. The guidance note provides general advice on the Lead Supervisory Principle, which is introduced in the GDPR. Under this new principle, organisations with several establishments in the EU can benefit from the Lead Supervisory Authority principle and only have to report to one Supervisory Authority i.e. the Lead Supervisory Authority. This is also known as the “one-stop-shop” mechanism, which allows for a more cost-effective approach and is seen as a solution to the problems faced by organisations who operate across multiple EU Member States.

The guidance note is available on the data protection section of the GRA’s website - www.gra.gi/data-protection