Today the Gibraltar Regulatory Authority, as the Data Protection Commissioner, has published its fifth guidance note on the European Union’s General Data Protection Regulation, which will come into force in Gibraltar on the 25th May 2018.

The introduction of the GDPR will represent a significant development in data protection law, with new or revised requirements e.g. concerning the appointment of staff to ensure data protection compliance, easier rights of access to data, and notification of data breaches to individuals. Organisations (both private and public) need to make sure that they are ready before the new law comes into effect.

The GRA is the nominated authority responsible for the enforcement of data protection law in Gibraltar, and carries out the functions assigned to it to uphold the rights of individuals and their privacy. As part of its efforts to promote data protection compliance and good practice, the GRA has set out to issue a series of guidance notes aimed at helping organisations improve their practices and prepare for the GDPR.

The guidance note published today, is the fifth in a series issued in the run-up to May 2018. The guidance note provides general advice on the Right of Data Portability.

The GDPR creates a new Right of Data Portability, which is closely related to the Right of Access but different in many ways. This new Right will allow for individuals to receive the personal data that they have provided to an organisation, in a structured, commonly used and machine-readable (electronic) format, and have it transferred to another organisation. Under this new Right, the individual will have more power and control over their own personal data.

The guidance note is available on the data protection section of the GRA’s website -

For further information contact the Information Rights Division of the GRA on +350 200 74636 or email This email address is being protected from spambots. You need JavaScript enabled to view it.