How does EU GDPR directive affect casinos?

Did you hear about the new GDPR directive in the European Union that will become valid on the 25th May 2018? You probably have, and I hope you acted to keep your casino business compliant. If not, here are some questions that you may be asking yourself:

Why should I care?

It is nice to comply with the law. But seriously, the most significant reason is the large fines if you do not comply. The fines can be up to 20 million EUR or 4% of the global turnover of the company - whichever is greater.

Does it affect my casino?

If you are not collecting, storing or processing any personal data, then no. Do keep in mind that even simple data from players is considered personal data by this directive. Examples may be a visitor's IP address, subscription to an email newsletter and, last but not least, enrollment into a casino players club.

The next question is: are you based in the EU? If not, and you are a land-based casino, then the directive should not apply to you. For EU-based land-based casinos it applies. The directive also applies to any online activity involving EU citizens (while they are in the EU). This of course includes casino websites and online casinos.

What is this GDPR directive about?

In short, it is about protection of personal data - your obligations and their rights. The major points are:

  • a person's right of access - on a person's request you should deliver them an output of all the data you are storing about them

  • a person's right of erasure - on a person's request you should delete all data stored about them (unless the data is required by law or similar)

  • you should not use personal data without a lawful basis for processing. Lawful basis includes a person's consent, contract, law, company legitimate interests, …

  • you should inform persons of their rights. That includes what is stored about them, how it is processed and how they can exercise their rights

  • company should have records of all the procedures involving personal data

  • perhaps you have to appoint a DPO (Data Protection Officer) for your company

Will existing consents to collection of personal data still be valid?

It depends. The consents your players gave when joining your players club may not contain the newly required contents, and as such they will not be valid. In such a case you should obtain a new consent from every player according to the GDPR law.

What should I do?

Find a lawyer that specializes in personal data protection that will help you to be compliant.

Links

Official European Commission page

Wikipedia page

Disclaimer

I am not a lawyer and this article should not be considered legal advice. It is only for informational purposes.
