• Government Disappointed at EU Parliament Delisting Vote

  • Government Disappointed at EU Parliament Delisting Vote

    The Government says it notes, “with disappointment”, the European Parliament’s objection, today, to the entry into force of the European Commission’s decision to remove certain jurisdictions, including Gibraltar, from the EU’s list of ‘high-risk’ third-countries with strategic deficiencies as regards anti-money laundering and counter-terrorist financing (“AML/CFT”). 

    Read more

  • Holland And Barrett Vitamins Gibraltar Offer

Dec 19 - Data Protection Commissioner Prosecutes First Ever Case Under The Data Protection Act

Written on .

Following a complaint regarding the refusal to supply personal data following a subject access request, the Data Protection Commissioner has successfully prosecuted Oxford Learning College, a local company, for failure to comply with the Data Protection Act.

The matter stems back to the beginning of the year where an investigation was commenced after having received a complaint about the Oxford Learning College. The complaint revolved around the failure to provide an individual with the information that was being held about him, which, in accordance with the Data Protection Act, had to be disclosed. During the investigation, it was found that Oxford Learning College had in fact deleted the information in question after the subject access request had been made to it, thus putting itself in a position where it could no longer comply with the request.

“Whilst the role of the Data Protection Commissioner is to ensure compliance via his enforcement powers, in this case the matter could not be resolved and so, I decided that the company should be prosecuted for the offence committed,” said Data Protection Commissioner Mr Paul Canessa.

Oxford Learning College pleaded guilty in the Magistrates’ Court and was fined £1,000 for failure to comply with a subject access request. The Stipendiary Magistrate recognised that the Data Protection Act imposes a serious responsibility on data controllers and that they should be aware of what they are doing with regards to the personal data they process.

The GRA says the case brings to light the importance of complying with the data protection requirements imposed on all persons who control personal data, and ensuring requests for information are dealt with in accordance with the law.

It is significant too that in May 2018, the General Data Protection Regulation (“GDPR”) will come into effect and many local companies may need to carry out significant audits to ensure compliance with it.

“It is imperative that key personnel in all organisations are aware that the law is changing to the GDPR, and start to factor this into their future planning. They should start to identify areas that could cause compliance problems under the GDPR”, said Mr Canessa.

Initially, data controllers should review and enhance their organisation’s risk management processes, as implementing the GDPR could have significant implications for resources, especially for more complex organisations. Any delay in preparations may leave organisations susceptible to compliance issues following the GDPR’s introduction.

For further information please contact the Information Rights Division of the GRA on 200 74636 or This email address is being protected from spambots. You need JavaScript enabled to view it.


{fcomment}

 

share with Whatsapp