GRA fines RGP £5,000 over data protection breach
The Royal Gibraltar Police has been fined £5,000 as a result of the unlawful disclosure of personal data, the Gibraltar Regulatory Authority confirmed on Friday.
The imposition of a fine relates to the unlawful disclosure of data relating to approximately 40 individuals, in breach of data protection legislation.
The Information Commissioner was notified of the breach by the RGP, in line with obligations under the Data Protection Act.
The breach relates to personal data contained in pocketbook entries and witness accounts regarding a police investigation, which were erroneously disclosed to the wrong recipient.
The investigation into the breaches found deficiencies relating to the security measures that the RGP have in place to protect such personal data.
According to the GRA it was found that the RGP breached a number of data protection protocols.
The Information Commissioner, Paul Canessa, said: “The Information Commissioner’s primary role is to ensure compliance with data protection legislation.”
“A fine is only considered for the most serious cases. In this case, the breaches identified in the investigation were considered serious enough to warrant a fine being issued.”
“Amongst other things, the context of the personal data being processed was considered relevant, namely the law enforcement context, where the disclosure of personal data relating to criminal prosecutions can create a real risk of distress for individuals.”