Guidance on Consent

The Gibraltar Regulatory Authority (“GRA”), as the Information Commissioner (the “Commissioner”), is the nominated authority responsible for the enforcement of data protection law in Gibraltar and carries out the functions assigned to it to uphold the rights of individuals and their privacy.

As part of his efforts to promote data protection compliance and good practice, the Commissioner issues guidance notes aimed at helping organisations improve their data protection practices and comply with the law.

The Commissioner has today published a guidance note which provides information and guidance on the conditions for consent under the Data Protection Act 2004 and the General Data Protection Regulation (“GDPR”). It is important to note that the concept of consent is not new, as its definition and role remain similar to that under the previous EU Data Protection Directive 95/46/EC.

Consent is one of the six lawful bases to process personal data under Article 6 of the GDPR. When initiating activities that involve processing of personal data, data controllers should take time to consider what would be the appropriate lawful ground for the envisaged processing.

The guidance note is available on the data protection section of the GRA’s website –

For further information please contact the Commissioner’s office on +350 200 74636 or email: