The Gibraltar Regulatory Authority (GRA) is in the process of issuing guidelines on the updating of the Data Protection Regulations as it draws closer to 25 th May 2018, the date on which the European Union’s General Data Protection Regulations (GDPR) will come into force in Gibraltar.
The new regulations represent a significant development in data protection law, and organisations in all sectors both public and private must ensure that they are ready to apply the regulations and meet their more stringent requirements in time. Of particular relevance to local businesses, the new requirements will place a greater emphasis on ensuring and evidencing appropriate data compliance, on providing easier rights of access to data to individuals that request it, and on making prompt notification of data breaches to individuals.
The new regulations introduce new rights, obligations and responsibilities. They will affect the ways in which data is used to market, provide services and run businesses. At an operational level, organisations will need to carry out a detailed audit of their data processing procedures, including introducing mandatory Data Protection Impact Assessments under specific circumstances, and ensuring that action is taken to facilitate the “right to be forgotten”.
Organisations will need to demonstrate that they are meeting the requirements in a far more rigorous way than they are currently expected to do, and for many organisations, the preparation work will entail a substantial amount of time and possibly resources. It is therefore advisable to begin preparations for the transition to the new regulations as early as possible. There are fines that can be quite substantial that may be applied in cases of breaches of the regulations.
As the nominated authority responsible for the enforcement of data protection law in Gibraltar, the GRA works to uphold the rights of individuals and their privacy. In order to ensure promotion of data protection compliance and encourage good practice throughout Gibraltar, the GRA is publishing a set of guidance notes. These are aimed at helping organisations to improve their practices and to make themselves ready for the implementation of the GDPR.