Contact Us

+350 20079000

This data will only be used by Hassans for processing your query and for no other purpose. View our privacy policy

The EU General Data Protection Regulation

On May 25th, 2018 the European Union’s General Data Protection Regulation came into force, marking a momentous shift in Data Protection legislation worldwide. GDPR not only regulates how data is handled within the EU, it also extends protection beyond the borders of Europe to protect EU citizens whose personal data is transferred outside the region.

Therefore, any business, regardless of location, doing business within the EU must be compliant or else face strong penalties.

What personal data does GDPR cover?

GDPR Gibraltar Lawyers
Key elements of GDPR include the right for EU citizens to request which personal data of theirs is being held, to request deletion of said data and a “Right to be Forgotten”.

Your organisation must, therefore, be fully transparent as to the types of personal data collected, provide valid reasons as to why it is being collected as well as guidance on how to view and, if desired, delete said data, in an easy-to-understand privacy policy.

GDPR defines personal data as any piece of information which can be used to identify an individual – such as one’s name, address, email address, phone number, national ID number, age, sex, race, medical data, financial data or geolocation data – to give just a few examples.

Therefore, in order to collect personal data from an individual and process it, your organisation must have a privacy policy, a privacy notice and a lawful basis for processing. Where the organisation relies on consent as a lawful basis for processing, a positive step must be taken by the individual in order to express consent. This means, for example, that automatic “opt-ins”, such as those traditionally used for collecting email addresses, are no longer permitted.

In short, GDPR guarantees each individual the right to be the masters of their own data and any organisation who is unable to fulfil their commitments in this regard risks heavy fines.

Will GDPR still matter after Brexit?

Yes. Remember that GDPR affects all businesses and organisations doing business with, or operating within, any or all EU member states. Britain leaving the EU will not change this fact.

In fact, many of the first casualties, punished for lack of compliance, were large multinationals, most notably Google, who was fined €50 million in January 2019, by CNIL, the French data protection agency, “for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.”

Currently GDPR laws exist in Gibraltar and are supplemented by the  the Data Protection Act 2004 , forming a solid, working foundation for continued post-Brexit GDPR harmonisation.

Sustained compliance with GDPR principals is therefore of continual importance, particularly for multinationals and other organisations who operate across borders.

GDPR lawyers in Gibraltar

From humble beginnings 80 years ago, Hassans has grown to become the largest law firm in Gibraltar. Trusted by generations of Gibraltarians, while also growing its reputation globally, Hassans is consistently Top-Ranked by Chambers Global and rated as a Leading Firm by the Legal 500. Our team of Data Protection lawyers, led by Partner Michael Nahon, has over 15 years’ data protection experience, and advises some of the world’s largest brands including luxury carmaker Porsche and online gaming companies like GVC and 888, on data protection matters.

Hassans also has considerable experience representing client interests with the Gibraltar Regulatory Authority in the event of regulatory action becoming necessary.

If you are unsure as to your specific commitments regarding GDPR and/or related data matters, or require advice/assistance on issues including implementation, administration and training, contact Hassans today.

Latest Insights from Hassans

Musings of a crypto theorist – regulate it, tax it and imitate it

In much of my writings I have always been fascinated by the ‘what if’ and ‘why’. A lot of what I have written is still scattered around the indelible ink […]

Posted on

International Tax Bites Series 2 / Episode 3

In this latest episode of the internationally acclaimed tax podcast series, International Tax Bites, Hassans’ Partner Grahame Jackson and Old Square Chambers’ Harriet Brown look at how to distinguish between […]

Posted on

International Tax Bites Series 2 / Episode 2

International Tax Bites explores concepts and issues in international taxation. In this latest episode the duo, Harriet Brown and Grahame Jackson, go off piste and explore what the greylisting of Malta means, […]

Posted on