Over the past few weeks there has been a lot said online about GDPR. It has something to do with online gambling, but there is a larger background as well. As an online casino player you will not have to directly deal with it. However, it is always good to aware of the latest developments in your arena and your rights under those developments.

The General Data Protection Regulation (GDPR) is a regulation in European Union law on data protection and privacy for all individuals. It was adopted in 2016 and online operators were given a two-year transition period to meet the requirements. The GDPR becomes enforceable on 25 May 2018. The GDPR is a regulation, not a directive, so it does not require national governments to pass any enabling legislation. It is directly binding and applicable on all online operators in the European Union.

The GDPR supersedes the earlier Data Protection Directive, adding more teeth to the regulators and enhancing the privacy of online casino players. It aims to give control to online users over their personal data. At the same time it standardises regulation within the EU and thereby simplifies the regulatory environment for international businesses. In simple terms, the personally identifiable information of online casino players and users of other online portals must be stored using full anonymization. This means that the data stored in one place cannot be used to identify a subject without additional information stored separately. The online portals must employ the highest-possible privacy settings by default, so that the data is not available publicly without explicit consent of the user. The user will have the right to withdraw this permission at any time.

The online casino must clearly disclose what data is being collected and how and why it is being processed. The online portal must also disclose if the data is being shared with any third-parties. The players have the right to request a portable copy of the data collected. Each online casino operator will be required to employ a data protection officer who will be responsible for managing compliance with the GDPR.

Given below are some specific instances as to how the GDPR will affect the online gambling industry. Under the GDPR there will be an increased emphasis on being able to demonstrate compliance. Online casinos will have to maintain detailed records of data processing activities and produce the same when demanded. In the event of a personal data breach, GDPR had introduced procedures that will alert data handlers. Online casinos will be required to put in place systems that enable them to first identify personal data breaches and then report such breaches no later than 72 hours after becoming aware of such breach.