How the EU’s ‘most important data protection rule in 20 years’ will affect casino players

If you’ve not heard about it, chances are, you’re not the only one.

Data protection is something we hear a lot about, without really knowing about how it is enforced, and what our rights really are.

In the EU, the law around data protection is set to be enshrined in a new ruling called the GDPR, or the General Data Protection Regulation, to give it its full name.

Data privacy is changing. Here's how you could be affected.
Data privacy law in the EU is changing. Here’s how you could be affected.

The ramifications of this law go deep, but how will it specifically impact online casinos? Operators are indeed preparing themselves for the changes, which in broad terms will dictate how they should use, and perhaps more pertinently, should not use, customer’s sensitive personal data.

This data protection law comes into effect on May 25, 2018, and those failing to comply will face heavy fines.

The context

Online casinos are among those who are needing to sit up an take notice due to the large amounts of player data they collect and request.

In order to satisfy the many regulatory compliance hoops, they need to find out a lot about who their customers are – a process called ‘Know Your Customer (KYC) as well as take steps to stamp out money laundering and other criminality.

That requires them holding a lot of data on file – sensitive player data, and data that this new law directly affects.

And companies need to take note – the fines for breaching the law can be 4% of annual global turnover or €20 million, whichever is greater.

The EU has felt that in an increasingly data driven world, where data on customers is now both more detailed and valuable, that citizens themselves should have more control over the consent they give to third parties to collect and use their data.

As the EU itself puts it: “Consent must be clear and distinguishable from other matters and provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.”

What it means for players

For players it means that it should be clearer for them when a company is taking their data. Not only that, it also should be more obvious when the player is expected to hand over data – and give them a clear option to duck out if they need to.

The GDPR will impose limits on how companies use data and store it - giving the consumer more control.
The GDPR will impose limits on how companies use data and store it – giving the consumer more control.

No hidden boxes to tick, or untick, what’s happening to your data should be made clear at every click.

Another essential element of GDPR is the ability for the player to get hold of their data should they need it, as stated by the EU.

Part of the expanded rights of data subjects outlined by the GDPR is the right for data subjects to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. This change is a dramatic shift to data transparency and empowerment of data subjects.
EU summary of key changes of the GDPR.

Also key to the legislation is the notion of the ‘right to be forgotten’. That means just because a player has given up their data in the past, does not mean that the data can be used forever more – and not only that, it could be hopelessly out of date.

Players can request that the person or organization holding the data gets rid of it.

What it means for online casinos

There’s a lot of paperwork to go through for operators, but the thought is that those who already have good control of player data and sound processes in place will be able to build in the GDPR practices effectively.

Transparency will be key – the way data is used will be obtainable by customers, in theory, at any point, and they will be none-to-pleased if they feel their data is being used for, for example, marketing processes, which have caused them a barrage of emails promoting one product or another.

Not only that, but if the casino is allowed to target a player with follow up marketing, that the communications are actually relevant to the player.

If the marketing starts become irrelevant to the player – then they may request that their data is erased, as well as being turned off by the marketing itself.

Approved Casinos

Want to try an online casino? Approved Casinos

Choose an approved casino from our carefully selected list. VIEW CASINOS