GPEN Privacy Sweep

The seventh Global Privacy Enforcement Network Privacy Sweep will take place throughout September and October 2019 (the “Sweep”).

The Global Privacy Enforcement Network (“GPEN”) was established to foster cross-border cooperation among privacy authorities. This year around 18 privacy enforcement authorities from around the world, including the Gibraltar Regulatory Authority (“GRA”), as the Information Commissioner, are participating in the Sweep.

The theme for this year’s Sweep is data breach notifications. The topic of data breach notification is particularly relevant as the number of international jurisdictions with mandatory notification requirements is increasing. Several jurisdictions, such as New Zealand, Hong Kong and Singapore, are also in the process of considering the feasibility of adopting a mandatory regime or are in the process of adopting one.

The Sweep will involve a coordinated effort by participants to assess how well organisations are capturing information about data breaches, and whether they are reporting these to the relevant regulator. The Sweep will also be an opportunity for jurisdictions with mandatory notification regimes to reflect on how the organisations within their jurisdictions are performing, and how this performance compares with other parts of the world.

As part of the initiative, participating privacy enforcement authorities will be making enquiries with a number of organisations to get an idea of their awareness of the relevant data breach framework, their internal procedures for handling data breaches, how they respond to data breaches, and whether they have a process in place to prevent future breaches.

This year, the GRA will be focusing on the gambling sector in Gibraltar.

The goal of the Sweep is to identify trends which might guide future education and outreach. The results may also highlight areas for further follow up engagement.

The overall results of this year’s Sweep will be compiled and made public towards the end of the year.

As always, the GRA is available to anyone wishing to discuss matters which affect their privacy, or feel that their data protection rights are not being correctly addressed.

For further information please contact the GRA by telephone on +350 200 74636 or by email on