With the General Data Protection Regulation (“GDPR”) coming into effect on 25 May 2018, the Gambling Commission has published its own long-awaited GDPR Information Note entitled “Gambling Regulation and the General Data Protection Regulation”, commenting:
“We take the view that GDPR is not intended to prevent operators from taking steps which are necessary in the public interest, or are necessary to comply with regulatory requirements under a gambling licence. GDPR should not be improperly used as an excuse to avoid taking steps which enable compliance with licence conditions, promote socially responsible gambling, and promote the licensing objectives”.
Both a copy of the Commission’s GDPR webpage and the above-mentioned Information Note can be downloaded below.
In line with its comment in the first paragraph above, the Commission seeks to reassure gambling operators that: “whilst it will remain your responsibility to ensure you are legally compliant with the GDPR, we wish to offer assistance and support to help you comply both with the GDPR and with our regulatory framework”.
Operators might find particularly helpful sections 4 and 5 of the Information Note, in which the Commission comments on the following scenarios, in respect of which industry has expressed concern, in order to illustrate the approach it believes that licence-holders should take when considering such issues:
- Self-exclusion and anti-money laundering
- Obtaining, retaining and using data for other social responsibility purposes
- Sharing of data on suspected illegality (such as match-fixing, doping or fraud)
- Marketing to consumers
More detailed information on the GDPR is available via the Information Commission Office’s website