Gibraltar Chronicle Logo
Local News

GRA publishes ‘no deal’ Brexit guidance on data protection

File photo dated 31/03/17 of the Union flag and the EU flag flying from the same mast above the Summerhall building in Edinburgh. EU citizens living in the UK are in Brussels to urge members of the European Parliament and Commission to ensure their rights are guaranteed after Brexit. PRESS ASSOCIATION Photo. Issue date: Thursday May 11, 2017. Anne-Laure Donskoy will tell MEPs that EU citizens' rights "to work, to marry, to have access to health services and education, to build a business" are "at risk" and should be "guaranteed and preserved not just for the short or medium term but permanently". See PA story POLITICS Brexit. Photo credit should read: Jane Barlow/PA Wire

The Gibraltar Regulatory Authority yesterday published a guidance note for local businesses to help ensure the continuity of data flow in the event of a no-deal Brexit.

Although the Gibraltar Government aims to retain the European Union’s GDPR within domestic law, businesses will need to ensure they continue to be compliant with data protection law.

The 6-step guide provides local organisations with advice and assistance on how the data flows which are crucial to business and other activities are maintained.

For businesses that operate locally, there will not be an immediate change.

However businesses that operate internationally may need to make changes ahead of the UK and Gibraltar leaving the European Union to ensure the minimal risk of disruption.

A spokesman for the Government said: “To ensure the Gibraltar data protection framework continues to operate effectively when the UK is no longer an EU Member State, the government will make appropriate changes to the GDPR and the Data Protection Act 2004.”

The 6-step guide provides information on businesses which continue to comply with GDPR standards, transfers to Gibraltar, transfers from Gibraltar, European operations, documentation that needs updating when the UK and Gibraltar leave the EU, and organisational awareness.

Some of the key components of the no-deal Brexit framework includes preserving the EU GDPR standards in domestic law and transitionally recognise all EEA countries, including EU member states and the UK, as “adequate” to allow data flows from Gibraltar to the UK and Europe to continue.

The regulations would also preserve the effect of existing EU adequacy decisions on a transitional basis and will recognise EU Standard Contractual Clauses in Gibraltar law and give the information commissioner the power to issue new clauses.

Binding corporate rules authorised before Exit day would be recognised and the extraterritorial scope of the Gibraltar data protection framework will be maintained.

The regulations would also oblige non-Gibraltar controllers subjected to the local data protection framework to appoint representatives in Gibraltar if they are processing data on a large scale.

To read the Information Commissioner’s 6-step guide, visit

Most Read

Local News

Plans filed for 150-room Marriott hotel

Download The App On The iOS Store