BREXIT
Until 31st December 2020, the EU General Data Protection Regulation 2016/679 (“EU GDPR”) continued to form part of Gibraltar law. However, following the end of the Brexit transition period, the EU GDPR was superseded by the Gibraltar General Data Protection Regulation (the “Gibraltar GDPR”) on 1st January 2021. Notwithstanding, Gibraltar’s data protection regime remains largely the same, as Gibraltar is committed to maintaining the high standards of the EU GDPR, which has in effect been transposed into domestic law by way of the Gibraltar GDPR.
Gibraltar has however not currently obtained EU adequacy status, and the requirements governing the transfer of data to Gibraltar from the EEA have therefore changed. Data controllers/processors that are subject to the EU GDPR must now ensure to make appropriate arrangements to allow the flow of personal data from the EEA to Gibraltar (e.g. by implementing Standard Contractual Clauses – see Chapter V of the Gibraltar GDPR in respect of International Transfers).
In the following, the Information Commissioner provides links to a series of guidance notes and resources to assist organisations transition into the new post-Brexit regime. Periodic workshops on Brexit are also held by the Information Commissioner’s office.
For further information please contact our office at privacy@gra.gi