How Will the GDPR Impact Online Gambling?

On May 25th this year, the EU is set to release a brand new piece of legislation in the form of the General Data Protection Regulation (GDPR), with the primary goal of affording citizens more control over how their personal data is used.

This represents a huge development across a host of markets, particularly with non-compliance or infringements likely to carry fines of up to €20 million (£23.6 million) or 4% of a company's total global turnover from the preceding financial year.

With this in mind, it's little wonder that businesses are adopting a proactive approach to ensuring that they comply with the GDPR. In this post, we'll address this legislation from the perspective of the online gambling market, and ask how this will impact on the sector.

1. Changes in Internal Governance and Responsibility


Under the stringent terms of the GDPR, there will be an increased emphasis on being able to demonstrate compliance.

More specifically, gambling operators will need to actively prove that they're complying with the fundamental terms of the legislation and respecting the wishes of their customers.

As a result, operators will have to focus on maintaining a clear record of all data processing activities and associated procedures, including the initial collation of information and its storage.

If this is not adhered to, audits may well find that operators are in breach of their responsibilities and could be forced to pay the financial penalty.

2. Creating New Protocols for Security Breaches


In simple terms, the GDPR was created as an upgrade for the Data Protection Directive, in order to ensure that consumer data is protected in line with existing technology and security threats.

It therefore includes new provisions and protocols for security breaches, and it's important that online gambling operators are aware of these and able to factor them into their core operations.

In the event of a personal data breach, the GDPR will introduce a notification regime that alerts handlers in real time, and they'll be required to report such instances no later than 72 hours after they've been informed of the development.

So, it's imperative that operators are in a position to identify and react quickly to security breaches, while also complying with all other aspects of the comprehensive GDPR legislation.

3. Changing the Boundaries of Data Portability

Under the existing data legislation, customers have the right to demand a copy of any personal data that is held about them.

Ultimately, the data portability right applies where personal data has been collated with the consent of the subject, but not where it has been processed on a legitimate interest ground.

It's therefore important that operators streamline and understand their data collection processes in line with the precise terms of the GDPR, as otherwise they run the risk of non-compliance and being hit with huge financial sanctions.

This is arguably one of the most complex aspects of the new GDPR legislation, so operators must spend time getting to grips with this as a key priority.

