GRA issues GDPR guidance for small companies
The Gibraltar Regulatory Authority has published the seventh guidance note on the European Union’s General Data Protection Regulation and Gibraltar’s Data Protection Act 2004.
In a statement the GRA explained that even small business fall within the scope of the legislation.
All companies, regardless of their size, have data protection obligations.
However, the law is flexible and the standards that organisations implement should be proportionate to their data processing.
This guidance note is aimed at helping small to medium sized enterprises ensure GDPR-compliance and features a series of tools which have been designed to assist such companies in particular, who may not have access to extensive planning and legal resources.
The guidance note is available on the data protection section of the GRA’s website - http://www.gra.gi/data-protection/general-data-protection-regulation.
“Using this guide, along with our first GDPR Guidance Note namely “Getting Started” will help SMEs implement data-protection compliant arrangements,” the GRA said in a statement.
The GRA is the nominated authority responsible for the enforcement of data protection law in Gibraltar and carries out the functions assigned to it to uphold the rights of individuals and their privacy.
As part of his efforts to promote data protection compliance and good practice, the Information Commissioner issues guidance notes aimed at helping organisations improve their data protection practices and comply with the law.
For further information please contact the Information Rights Division of the GRA on +350 200 74636 or email firstname.lastname@example.org.