Navigating GDPR: A Guide for Gibraltar businesses with customers across Europe

Navigating the GDPR Maze: A Guide for E-commerce Businesses in Gibraltar, UK, and EU

Peter Howitt

Managing Director

In today’s digital age, the General Data Protection Regulation (GDPR) stands as a cornerstone of data protection, especially for e-commerce businesses operating across borders. For those in Gibraltar targeting markets in the UK and the EU, understanding and adhering to these regulations is not just a legal necessity but a critical factor for building trust and ensuring long-term success.

The world’s increasing political volatility and the risk of misuse of advanced technologies, including Artificial Intelligence (AI), underscore the importance of robust data protection laws. The GDPR, originally established by the European Union, has set a global standard for how personal data should be handled.

Following Brexit, both Gibraltar and the UK have implemented their own data protection laws that mirror the GDPR, creating a complex yet crucial landscape for businesses to navigate.

For e-commerce operations in Gibraltar, non-compliance with GDPR can lead to severe financial penalties, including fines of up to €20 million or 4% of annual global turnover. Beyond the financial risks, non-compliance can severely damage reputation, erode customer trust, and trigger costly legal battles. Therefore, a comprehensive understanding of GDPR requirements is paramount.

Key Principles for E-commerce Compliance

At the heart of GDPR compliance is establishing a lawful basis for processing personal data. For most e-commerce activities, consent and contractual necessity are the most relevant. Consent must be explicit, freely given, specific, informed, and unambiguous. Customers must actively opt-in, with clear language and granular options. Additionally, businesses must provide easy mechanisms for customers to withdraw their consent.

Contractual necessity allows for processing data essential for fulfilling a contract, such as processing orders and payments. Data minimization is another crucial principle, requiring businesses to collect only the data necessary for a specific, legitimate purpose. Transparency is also essential, with clear and concise privacy policies outlining data collection, usage, and sharing practices.

Customers also have specific rights under GDPR, including the right to access, rectify, erase, restrict processing, data portability, and object to processing their data. Ensuring the security of personal data through technical and organizational measures, like encryption and access controls, is also a fundamental obligation. In the event of a data breach, businesses must notify the relevant supervisory authority within 72 hours.

Gibraltar and UK GDPR: Mirroring and Diverging

Gibraltar’s data protection legislation closely aligns with the EU GDPR, with technical adjustments to fit its legal context. The Gibraltar Regulatory Authority (GRA) acts as the supervisory authority, enforcing both the Gibraltar GDPR and the Data Protection Act 2004. This close alignment simplifies compliance for businesses operating in both jurisdictions, but familiarity with local terminology and the GRA’s role is essential.

The UK GDPR, enacted after Brexit, mirrors the EU GDPR with necessary amendments for the UK legal system. This continuity ensures that many EU GDPR compliance measures remain applicable in the UK. The European Commission’s Adequacy Decision facilitates the free flow of personal data between the EU and the UK (and Gibraltar). However, certain differences exist, particularly regarding the processing of criminal data and automated decision-making. The Information Commissioner’s Office (ICO) is the UK’s independent supervisory authority.

Specialised Challenges and Considerations

Certain sectors, like street mapping, payment processing, and cryptocurrency, face unique GDPR challenges. Street mapping companies must conduct Data Protection Impact Assessments (DPIAs) to address risks associated with collecting location data and imagery. Payment service providers (PSPs) must establish clear controller-processor agreements with e-commerce businesses, defining roles and responsibilities under GDPR. Cryptocurrency and Virtual Asset Service Providers (VASPs) need to address the decentralized and pseudonymous nature of blockchain technology, ensuring compliance with data subject rights and security measures.

Effective communication with customers is also critical. Direct marketing requires explicit consent, privacy statements must be clear and accessible, and international data transfers need appropriate safeguards like Standard Contractual Clauses (SCCs). Other legal considerations include trademark protection, cross-border taxation, and comprehensive terms and conditions for websites and services.

Navigating the GDPR landscape across Gibraltar, the UK, and the EU demands a proactive and continuous commitment to compliance. By prioritizing data privacy and adhering to these regulations, e-commerce businesses can mitigate legal risks, build customer trust, and enhance their brand reputation. Seeking professional legal advice tailored to specific operations and jurisdictions is strongly recommended to establish robust compliance frameworks.

See our more detailed summary of GDPR issues for your online business at Ramparts’ GDPR Hub.

News & Insights

March 30, 2026

Cryptoasset Theft Without Conversion: Rethinking Litigation Strategy After Ping Fai Yuen v Fun Yung Li

Cryptoasset Theft Without Conversion: Rethinking Litigation Strategy After Ping Fai Yuen v Fun Yung Li   Steven de Lara Head of Litigation, Trusts and Financial Services Arnas Urbutis Trainee Associate The rapid growth of digital assets continues to highlight a fundamental tension in English law: while cryptoassets are now clearly recognised as property, the legal tools available to recover that property have not evolved at the same pace. The High Court’s recent decision in Ping Fai Yuen v Fun Yung…

March 25, 2026

The Gibraltar Gambling Act 2025 – A Structural Shift in Regulatory Scope and Supervision

The Gibraltar Gambling Act 2025 – A Structural Shift in Regulatory Scope and Supervision Andrew Tait Head of Betting & Gaming The enactment of the Gambling Act 2025 represents a significant evolution in Gibraltar’s regulatory framework, moving away from a system historically linked to the location of infrastructure towards a more modern, hlistic and substance-driven regime. The legislation continues the separation between licensing and supervisory functions, with the Minister acting as the Licensing Authority, and a more empowered Commissioner, supported…

The three pillars of the Gibraltar Authorisation Regime
March 9, 2026

The Gibraltar Authorisation Regime (GAR) & UK Market Access

The Gibraltar Authorisation Regime (GAR) represents the permanent legislative framework enabling Gibraltar-based financial services firms, including payment service providers (PSPs) and e-money institutions (EMIs), to access the UK market following Brexit. It requires transparency and careful management by Gibraltar firms benefiting from UK market access.

More >>

Trusts across Borders –
Some Key Points

A brief summary of the main points to consider when using Gibraltar trusts as a means of managing inter-generational wealth, asset and protection and lawful tax planning

Peter Howitt

Managing Director

Unlocking the Benefits of Gibraltar Trusts: A Summary 

Gibraltar, a British Overseas Territory on the Mediterranean, has become a leading jurisdiction for trust establishment. Gibraltar’s stable political environment, English law legal framework, favourable tax policies and strong confidentiality protections, makes it an ideal choice for wealth management, asset protection, and succession planning. In addition, Gibraltar has no capital gains or inheritance taxes.

This guide explores the key elements of Gibraltar trusts, the types available, and critical tax considerations for both Gibraltar and UK residents. 

Please also see our guide to the use of Private Foundations, for those circumstances where a body corporate, with its own separate legal and tax identity, would be more suitable (e.g. jurisdictions that do not commonly recognise trust structures).

 

Key Elements of a Trust

A trust in Gibraltar, like in other jurisdictions, involves the transfer of legal ownership of assets from a settlor to a trustee, who holds and manages those assets for the benefit of specified beneficiaries. The creation of a valid trust requires fulfilling the “three certainties”:

  • Certainty of Intention: The settlor must clearly express their intention to create a trust. For example, a trust deed stating, “I declare that these assets are held in trust,” demonstrates certainty of intention. In some cases a trust may be created without a deed (e.g. bare trusts).
  • Certainty of Subject Matter: The trust assets must be clearly identified, such as “shares in Company XYZ” or “property at 123 Main Street.”
  • Certainty of Objects: The beneficiaries or purpose of the trust must be identifiable. For instance, “my children, John and Jane,” satisfies this requirement.

These foundational principles ensure the trust’s validity and enforceability.

 

 

Common Law and Equitable Principles

Gibraltar’s trust law is based on English common law and equitable principles, which guide trustee duties and powers:

  • Trustee Duties: Trustees are bound by fiduciary obligations to act in the best interests of beneficiaries, avoid conflicts of interest, and exercise due care and skill in managing trust assets.
  • Trustee Powers: Trustees are granted specific powers within the trust deed, such as the ability to invest, distribute, or manage trust assets. These powers must be exercised prudently and for proper purposes.
  • Equitable Maxims: These principles underpin the operation of trusts. For example:
    • “Equity will not allow a trust to fail for want of a trustee” ensures continuity by allowing courts to appoint a new trustee if needed.
    • “Equity looks to the intent rather than the form” protects the trust’s purpose even if minor formal defects exist.

 

Main types of Trust

Fixed Trust

  • Beneficiaries and Beneficial Share: The beneficiaries are specifically named, and their beneficial share of the trust’s assets are predetermined and fixed in the trust deed.
  • Trustee’s Discretion: The trustee has limited discretion, primarily concerning the timing of distributions and the management of the assets. They cannot alter the ultimate distribution of the trust fund.
  • Example: A trust holds two properties for two beneficiaries and the settlor requires that the trust fund must hold property A for one beneficiary and property B for the other beneficiary. The trustee must follow this instruction and deal with the properties and any income from them separately for the benefit of each beneficiary.

Bare Trust

  • Beneficiary’s Control: The beneficiary has the absolute right to both the capital and income of the trust at any time, provided they are of legal age.
  • Trustee’s Role: The trustee’s role is minimal, mainly holding legal title to the assets for the beneficiary. They have very limited discretion.
  • Example: A grandparent sets up a trust for their grandchild and transfers it to their son who has to hold it until the grandchild reaches the age of majority (which is 18 in England & Wales).

Discretionary Trust

  • Beneficiary Class: The trust deed specifies a class of potential beneficiaries, but the trustee has the discretion to decide which beneficiaries within that class will receive distributions, when, and how much. Additional beneficiaries may also be added (e.g. children of the initial beneficiaries) 
  • Trustee’s Discretion: The trustee has significant discretion in managing the trust and making distribution decisions. However, the settlor may provide a non-binding letter of wishes to the Trustee to guide them.
  • Protector: Given the wide discretion afforded the Trustee a protector is often appointed to ensure the purpose and spirit of the trust is honoured.
  • Example: A trust is set up for the benefit of the settlor’s children and grandchildren. The trustee decides which family members receive distributions and the amount each receives.

Key Differences

  • Control: In a bare trust, the trustee has no discretion in how to deal with the trust assets. In a fixed trust, the trustee has some discretion but they must hold the assets for the benefit of the specified beneficiary as instructed. In a discretionary trust, the trustee has significant control and discretion.
  • Flexibility: Discretionary trusts offer the most flexibility, as the trustee can adapt distributions to the beneficiaries’ changing needs. Fixed trusts have less flexibility, and bare trusts have almost none.
  • Tax Planning: Discretionary trusts are often used for tax planning purposes due to the trustee’s ability to manage income and capital gains distributions strategically and ring-fence the assets from the estates of beneficiaries and any claims against them .

 

Use of Discretionary Trusts

Given the ability discretionary trusts afford the trustee to adapt to changing circumstances, new potential beneficiaries and generally evolve over time, these are the most common type of trust used for inter-generational asset protection, wealth management and tax planning. 

In addition, unlike some other trusts, with these trusts the assets are owned and controlled with significant discretion by the trustee:

  • The trustee has wide powers and duties, including discretionary distribution, investment decisions, and administrative powers. 
  • A protector can be appointed to oversee the trustees and ensure the trust is managed appropriately.
  • A letter of wishes allows the settlor to outline their preferences for how the trust should be managed, guiding the trustees without restricting their discretion. While not legally obligated to follow the letter of wishes, trustees usually give significant weight to the settlor’s intentions.
  • Discretionary trusts can offer tax benefits, but tax treatment varies by jurisdiction.
  • It is crucial to avoid sham trusts where the trustee merely follows the settlor’s instructions. The intention to create a genuine discretionary trust is crucial.
  • Discretionary trusts can be used for various purposes, including asset protection, tax optimization, and estate planning.
    • Flexibility: Trustees have the discretion to distribute assets according to beneficiaries’ changing circumstances.
    • Asset Protection: Assets are protected from creditors and divorce settlements as beneficiaries do not have fixed entitlements.
    • Privacy: Beneficiaries’ rights and distributions are not publicly disclosed.
    • Tax Planning: Trusts may be structured to achieve tax efficiencies.

 

Taxation of Gibraltar Trusts

Gibraltar’s attractive tax regime is a major draw for settlors. Key tax features include:

  • Trustee-Level Taxation: Trusts are generally taxed at the trustee level. However, trusts that exclude Gibraltar residents as beneficiaries and do not hold Gibraltar-based assets are not considered tax-resident in Gibraltar and therefore avoid corporate tax.
  • Practical Example: A Gibraltar trust holding overseas investments for non-resident beneficiaries can accumulate income tax-free (and there is no capital gains), enhancing long-term wealth growth.

 

Cross-border Tax Considerations

It is necessary to consider the domicile and tax residence of the settlor, the trustee and any beneficiaries when establishing and operating a trust.

For example, for UK residents, Gibraltar trusts offer potential tax advantages but come with complexities.  Key considerations include:

  • Settlor-Interested Trusts: If a UK-domiciled settlor creates a trust and retains a benefit (e.g., access to trust income), the trust may be deemed “settlor-interested,” leading to attribution of income and capital gains to the settlor for UK tax purposes.
    • Transfer of Assets Abroad (TOAA) Rules: UK residents transferring assets to a non-UK trust may trigger TOAA rules, potentially attributing trust income to the settlor. Careful structuring and professional advice are essential to avoid unintended tax liabilities.
    • Attribution of Gains: The settlor might still be liable for CGT on gains made by the trust on transferred assets. This can happen if the settlor retains certain powers over the trust or if the trust is deemed to be ‘settlor-interested’.
  • Excluded Property Trusts: Non-UK domiciled individuals can establish trusts with non-UK situs assets classified as “excluded property trusts.” These trusts offer inheritance tax benefits even if the non-UK domiciled person is resident in the UK and even if the settlor retains some indirect benefit.

The tax rules are complex and specialist advice should be sought prior to finalising the trust structure.

 

Practical Considerations

When establishing a Gibraltar trust, consider the following:

  • Choice of Trustees: Appoint experienced and reputable trustees to ensure proper administration and compliance. Ramparts is a regulated Foundation Councillor and Trustee.
  • Consider whether a Protector is needed: This provides additional comfort that the trust will be operated effectively, that investment decisions will be prudent and that the proposed distributions are in line with the purpose of the Trust.
  • Letter of Wishes: A settlor can provide non-binding guidance to trustees on managing and distributing assets without compromising the trust’s structure.
  • Confidentiality: Gibraltar provides robust confidentiality protections (though disclosure may be required under international agreements like CRS).
  • Legal and Tax Advice: Professional advice from qualified lawyers and tax advisors is essential to optimise the trust’s structure and ensure compliance with Gibraltar and the laws of the country where the settlor and beneficiaries are resident and domiciled.

 

Conclusion

Gibraltar’s robust legal framework, confidentiality, and favourable tax regime make its trust structures an attractive solution for asset protection, wealth management, and succession planning. 

By understanding the key elements, legal principles, and tax implications, individuals and families can leverage Gibraltar trusts to achieve financial and legacy goals. Navigating the complexities of international tax laws requires careful planning and professional guidance to unlock the full potential of trusts and avoid costly mistakes.

Get in touch to find out how we can help you navigate the cross-border complexities of trusts, foundations, company structures, partnerships and fund structures for your private client or family office needs.

News & Insights

More >>