The effect of GDPR on EU gambling companies

These comments were first included in an article on the Gambling Compliance website.

Gambling operators will face increased fines for data breaches when GDPR comes into force next May, with marketing practices the area where new rules are likely to have the greatest impact.

Wiggin data protection specialist, Patrick Rennie, comments “in theory, gambling operators should be better prepared for documenting and notifying regulators of a data breach.”

Of most relevance is the current investigation by the Information Commissioner’s Office (ICO) over affiliate marketing practices. The investigation suggests that promotional activities should be the source of “most concern” for gambling companies. In combination with the ICO’s 12-step guide to the GDPR, published at the start of June 2017, the ICO’s recent interest in the sector should “put companies on notice”.

“What you don’t want to happen is to be caught out after next May when the fines increase” he said.

The need for a paper trail providing evidence of all actions relating to the use and storage of customer data is perhaps the biggest challenge for the operators, suggested Rennie.

“Previously, the [information] regulator assumed everything was fine until they were notified. But now they are assuming that something is wrong and the burden of proof from the operators will be to show that they are compliant.”