International review of how well organisations have implemented Privacy

International review of how well organisations have implemented Privacy Accountability into their own internal privacy policies

Privacy accountability has become recognised globally as a key principle of data protection. Accountability essentially requires organisations to take certain steps to implement applicable data protection rules and requirements, and to be able to demonstrate how these have been incorporated into their own internal privacy policies and programmes.

With this in mind, the Global Privacy Enforcement Network (“GPEN”) has coordinated the sixth privacy review (the “Sweep”) which focuses on the theme of accountability. The Sweep began in September and will continue to take place throughout October.

GPEN consists of privacy enforcement authorities from around the world, whose aim is to promote and support cooperation in cross-border enforcement of laws protecting privacy.

As part of the initiative, twenty participating privacy enforcement authorities, including the Gibraltar Regulatory Authority (“GRA”), as the Information Commissioner, have been making enquiries with a number of organisations to get an idea of how the concept of accountability has been incorporated into everyday business practices, specifically in relation to internal privacy frameworks, internal governance structures, training and awareness, transparency, incident management regimes, and their ability to document stored data and track data transfers.

Locally, the GRA are focusing on privacy accountability in the telecommunications sector.

The goal of the Sweep is to identify trends which might guide future education and outreach. The results may also highlight areas for further follow up engagement after the Sweep.

The overall results of this year’s Sweep will be compiled and made public towards the end of the year.

2nd Floor, Eurotowers 4
1 Europort Road
Tel: +350 20074636
Fax: +350 20072166

As always, the GRA is available to anyone wishing to discuss matters which affect their privacy, or feel that their data protection rights are not being correctly addressed. For further information please contact the GRA by telephone on +350 200 74636 or by email on