GRA issues new guidance on data protection

The Gibraltar Regulatory Authority has published its fifth guidance note on the European Union’s General Data Protection Regulation, which will come into force in Gibraltar on May 25, 2018.

The introduction of the GDPR will represent a significant development in data protection law, with new or revised requirements including the appointment of staff to ensure data protection compliance, easier rights of access to data, and notification of data breaches to individuals.

Organisations both private and public need to make sure that they are ready before the new law comes into effect, the GRA reiterated in a statement.

The GRA is the nominated authority responsible for the enforcement of data protection law in Gibraltar, and carries out the functions assigned to it to uphold the rights of individuals and their privacy.

As part of its efforts to promote data protection compliance and good practice, the GRA has issued a series of guidance notes aimed at helping organisations improve their practices and prepare for the GDPR.

The guidance note published today, is the fifth in a series issued in the run-up to May 2018.

The guidance note provides general advice on the Right of Data Portability.

“The GDPR creates a new Right of Data Portability, which is closely related to the Right of Access but different in many ways,” the GRA explained.

This new right will allow for individuals to receive the personal data that they have provided to an organisation, in a structured, commonly used and machine-readable electronic format, and have it transferred to another organisation.

Under this new right, the individual will have more power and control over their own personal data.