GDPR and Betting: 8 Ways GDPR Affects Online Casinos
In 2016, the EU shocked many businesses with the announcement of GDPR. This directive aimed to change the EU data-gathering landscape, and sent many industries, including gaming operators, scrambling as they tried to understand the impact of these new laws. It’s been almost four years since the announcement, so how has GDPR actually affected the world of online gambling?
Wait a minute, what is GDPR?
In a nutshell, GDPR is a set of laws designed to better protect EU citizens and their personal data. Prior to the introduction of the GDPR, legislation around data protection was weak, resulting in companies abusing personal data, or taking inadequate steps to protect it. The EU saw how critical it was to protect this new resource, which some claimed was worth more than oil, as well as the people behind it. As a result, GDPR was created.
At this point, you may be asking what this has to do with you, the online gambling player? Many online casinos handle and gather a player’s personal data, such as confidential information that is required to verify their identity. Any organisations that handle personal data, including these gaming companies, are also affected by GDPR.
But what exactly does that mean for the player and gaming operators, who are already operating under strict regulations? Here’s how GDPR has changed things:
May I please use your personal data?
In the past, companies often bundled consent on various things together. For example, if you signed up for a newsletter or created a profile for an online store, you could also be giving the business permission to send you other promotions or to mine your web browser for any data that they found relevant.
To put this in a slightly different context, imagine giving an electrician permission to come into your house, only for them to start helping themselves to the food in your fridge. And when you complained, they held up your contract and said: “Sorry, it was here in the fine print.”
GDPR eliminates this by requiring that any company that handles your personal data must get your consent specifically for it, and that it must be done using clear, easy-to-understand terms.
I’d like to see what you know about me
It may not surprise you that companies like Facebook and Google know a lot about you, but what do gaming operators know? Under GDPR, you are able to request a copy of any personal data that the organisation processes under the right of access.
This means that you can access, or limit access to, all of the personal data which is stored when you use a site, for example, when you play games like online poker.
You can have your online history erased
Under GDPR, you have the right to be forgotten and not have your personal data stored. However, remember that many of these service providers make use of your personal data to provide you with specific services or offers that are of interest to you.
For example, if a gaming operator doesn’t have access to any of your personal data, they can’t offer you bonus credit on your favourite game or let you know when they are running special events for any of the games you play.
You can give all your data away (to other operators)
If you’re unhappy with a service provider and want to move to a new one, you have the right to data portability. This means your new service provider doesn’t have to start from scratch and can use your existing information to provide you with an experience that hopefully matches your expectations.
You can choose if you want a cookie, or not
Wouldn’t it be great if gaming operators sent you biscuits? Unfortunately, that’s not the type of cookies that we’re talking about here.
Thanks to GDPR, players are no longer immediately greeted with a welcome offer at gambling sites they’re visiting for the first time. Instead, a privacy pop-up appears that details how the company makes use of web browser cookies, which can contain different types of personal data, varying from your preferences for the site to managing your login state. These cookies are another tool that many service providers use to improve your overall experience.
A special mandatory role has been created to ensure your information is correctly handled
To ensure businesses take data management seriously, all companies must have a Data Protection Officer (DPO). The following article from the ICO highlights the responsibilities of the DPO:
- They must ensure that the company is compliant with GDPR, other data protection legislation, as well as internal data protection policies
- They must also ensure every member of the company is aware of GDPR and has received adequate training
- They are responsible for performing audits
- They will offer an organisation advice to ensure they meet their data protection commitments
- They will assist with Data Protection Impact Assessments (DPIAs) by offering advice and monitoring the process
- They must consider the risks associated with data processing
- They are a point of contact for the Information Commissioner’s Office (ICO)
If players have any requests about the personal data a casino has, the DPO is required to help them address the issue.
Because of GDPR, Brexit will affect where you can play
GDPR legislation is applied to members of the EU, but what happens to gaming operators when the UK finally leaves the European Union? Once this takes place, the UK will be classified as a “third country”. Under GDPR, a third country is…
a country other than the EU member states and the three additional EEA countries (Norway, Iceland, and Liechtenstein) that have adopted a national law implementing the General Data Protection Regulation (GDPR).
This means that an online casino based in the UK after Brexit will need to ensure it meets the requirements to qualify for cross-border data transfers. If it doesn’t, it will have to cease operations in the EU.
We have already seen this take place with many US-based companies which also fell under third country classification. Whether they were unable or unwilling to comply, they decided to preemptively close up shop to avoid any possible legal troubles and fines in the EU.
Speaking of fines…
Not compliant? That will be €20 million, or 4% of your annual global earnings please
Since the case came up before GDPR came into effect, Facebook only got a light slap on the wrist over the Cambridge Analytica data scandal. However, if this privacy breach had taken place in a post-GDPR environment, the headlines would be very different.
Under GDPR, any company, including casino operators, found to be infringing upon legislation could face fines of €20 million, or 4% of their annual global turnover. Yes. Global turnover. This isn’t based upon whichever value is the least, but rather, whichever amount is the greatest.
Companies don’t need to panic straight away though. There are other steps that take place before the issuing of a fine, such as warnings or suspending of data processing, but the financial risks are still incredibly high for any organisation.
Pick a gaming operator that offers a secure and safe online platform
As a player in the UK, you don’t want to worry about GDPR and Brexit; you just want to relax and enjoy yourself when you play at an online casino. Grosvenor Casinos is a UK-based service provider that has been operating since 1970, offering players an online and offline experience.
At Grosvenor you can enjoy a wide variety of online gambling services, including slots, table games, and poker. We also offer live casino games, including live roulette, live blackjack, and live baccarat.
If sports betting is what really gets you excited, we also offer an online sports betting service where you can place your bets on a variety of sports, including horse racing, football, and cricket. There are also a number of leagues for you to choose from, including the Europa League, The Championship, and the NHL.
Regardless of what you like, Grosvenor has something for everyone. To find out more about how you can get in on the action, visit our website today.