More guidelines ahead of the General Data Protection Regulation
The Gibraltar Regulatory Authority (“GRA”), as the Data Protection Commissioner, yesterday published the third guidance note on the European Union’s General Data Protection Regulation (“GDPR”), which will come into force locally on 25 May next year.
The GRA is the nominated authority responsible for the enforcement of the data protection law in Gibraltar, and carries out the functions assigned to it to uphold the rights of individuals and their privacy. As part of its efforts to promote data protection compliance and good practice, the GRA has set out to issue guidance notes aimed at helping organisations improve their practices and prepare for the GDPR. A series of guidance notes are expected to be published between now and next May.
The latest guidance note provides general advice on the requirement for organisations to appoint a Data Protection Officer (“DPO”).
“Under the GDPR, it will be mandatory for some organisations to appoint a DPO. However, it is important to note that the appointment of a DPO is not a new concept. Although current data protection law does not include a mandatory obligation for organisations to appoint a DPO, the practice of appointing a DPO has developed and been adopted by organisations throughout the EU to ensure compliance with data protection law,” said a spokesman for the GRA.
The guidance note is available on the data protection section of the GRA’s website - www.gra.gi/data-protection.