David Clifton is quoted in a Gambling Compliance article entitled “UK regulator fires ‘warning shot’ on GDPR” that can be downloaded below.
Commenting on the Commission’s recently published GDPR Information Note entitled “Gambling Regulation and the General Data Protection Regulation”, David says:
- “I doubt it’s adequate but it’s start. I foresee a need for further commission guidance in relation to the processing of data for AML purposes, particularly given that, of all gambling operators, only casinos (remote and non-remote) presently fall within the regulated sector for AML regime purposes. Given that the commission and the Information Commissioner’s Office (ICO) have reportedly been in discussion together on GDPR issues for the last two years or so, this should not be an insurmountable task and it may be that further guidance will be available when the Data Protection Bill is finalised”
- “It is important that, before starting to process personal data, each licence-holder considers what personal data must be processed in order to achieve the required outcome in each case, and which of the permitted lawful bases for processing applies in each case. Any operator who is taking their GDPR responsibilities seriously should be taking account of the much more copious guidance that has been emanating from the ICO for a very considerable period of time, rather than merely seeking to rely on the Gambling Commission’s rather belated guidance on the subject”