General Data Protection Regulation, abbreviated as GDPR, is a data protection legislation that will become mainstream come May 25, 2018, in both the UK and the EU. The new law is promulgated as an evolution in the protection of user data. GDPR makes more demand for an organization’s accountability regarding the use of user data. It would add an extra layer to already established human rights.
When the General Data Protection Regulation comes into full force, consumers and customers will be given the explicit right to give their consent before their data can be captured and processed. Further, the GDPR has made it clear that this right can be taken back at any time as deemed necessary by the user. This implies that gambling establishments can be told to delete a user’s data by the same user if they considered such data irrelevant anymore and that your continuous possession of the data is illogical.
Data protection laws have been in place for quite some time. Since the past 20 years, data protection laws have mostly remained unchanged. Many have opined that the gaming industry would be impacted by the GDPR, and we are set to look at the impacts the GDPR will really have on the gambling industry.
Governance and Responsibility
With the new legislation, there is bound to be a significant emphasis on the compliance and the demonstration of protecting user right. This implies that gambling establishments will have to demonstrate they have safe and secure systems in place to handle customers’ records.
Also, the legislation expects that organizations would set up internal control policies for an ongoing regular check on the security of the data in their possession.
In any case of a data breach, the GDPR has been designed in such a way that data handlers would instantly be alerted using a notification regime system. Therefore, data handlers would have to report user data breaches to the appropriate authority or platforms within 72 hours of such incident.
In this way, gambling operators would have to ensure they identify and react to every act of security breach. In fact, they would make their internet security very tight so they can comply with the objectives of the General Data Protection Regulation.
The current data protection laws require that consumers have the all-important right to obtain copies of their data and or also request for those data to be transferred to another organization without hindrance.
How can gambling companies cope?
The fact of the matter is, gambling organizations are going to be hard hit by this new legislation. As a data-driven industry, with loads of information on their customers, it wouldn’t be long for individuals to starting questioning what their data is being used for, and then the streams of ‘remove data’ requests start inundating them.
So in the face of this imminent challenges, how should gaming companies respond to this onslaught?
Well, the first is to embrace a policy of openness and transparency – let users know explicitly why you need the information, how you’re going to process them, and how long you’re going to keep them. Secondly, conduct a thorough audit of your internal data handling process to ensure it satisfies the GDPR guidelines. Finally, hiring a compliance officer to oversee the regular and consistent adherence to the regulation will ensure the organization is on the right side of the new rules.