Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Gibraltar: GRA issues guidance on privacy notices under GDPR

The Gibraltar Regulatory Authority ('GRA') issued, on 16 March 2020, guidance ('the Guidance') on privacy notices under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the Data Protection Act 2004 (as amended in 2018). In particular, the GRA highlighted that individuals should be provided with certain information through a privacy notice when the organisation obtains data directly or indirectly from the individual and processes personal data. Moreover, the Guidance outlines that, when obtaining data directly from the individual, the privacy notice needs to include, among other things, the identity of the organisation as a data controller, including contact details, the legal basis for the collection and the processing of the personal data, as well as whether the information will be shared and the reasons behind the sharing. In addition, the Guidance distinguishes privacy notices from a privacy policy, which is an internal document that details an organisation's internal personal data handling arrangements to ensure compliance with data protection law.

You can read the press release here and download the Guidance here