This paper presents an analysis of Gibraltar’s data protection landscape based on the Gibraltar Regulatory Authority’s (GRA) Data Protection Survey 2024. The study examines public perception, organisational transparency, and regulatory compliance within the broader context of cybersecurity and data governance. Findings highlight key concerns, including declining trust in data processing, inconsistent regulatory enforcement, and an evolving cyber threat landscape. By exploring sector-specific vulnerabilities, this paper identifies key gaps in current data protection frameworks and proposes best practice recommendations.

Key Findings

The proposed measures focus on enhancing transparency, strengthening security controls, improving incident response capabilities, and ensuring stricter regulatory compliance. This research underscores the need for proactive data protection strategies to safeguard personal information and maintain consumer confidence in an increasingly digitised economy.

Recommendations

  • Enhancing Transparency: Organisations should implement clear and accessible privacy policies, providing users with granular control over their data.
  • Strengthening Security Measures: Adoption of zero-trust architectures and multifactor authentication should be prioritised to mitigate access-related vulnerabilities.
  • Regulatory Enforcement: Increased oversight, including periodic compliance audits and sector-specific guidelines, would facilitate more consistent adherence to data protection regulations.

Conclusion

The analysis highlights key findings related to public perception, organisational transparency, sector-specific vulnerabilities, and regulatory compliance within an evolving cybersecurity environment. An emphasis needs to be placed on enhanced regulatory oversight, proactive cybersecurity strategies, and greater transparency in data handling practices to strengthen consumer trust and organisational resilience against evolving threats.

Download the PDF

Read the GRA report here