The largest iGaming trade association on a global scale, the Remote Gambling Association (RGA) has published a guidance aimed at helping licensed gambling companies act in line with their obligations under the General Data Protection Regulation (GDPR).
The GDPR, also known as Regulation 2016/679, is a regulation under which the Council of the European Union, the European Commission and the European Parliament would implement an enhanced and unified data protection for all individuals within the European Union (EU). The regulation is set to be enacted on May 25th 2018.
The efficient implementation of the General Data Protection Regulation, however, is expected to be challenging, especially in certain aspects such as unifying data protection procedures for all industries and organizations in the EU. That was exactly the reason why the RGA issued its guidance aimed at helping the online gambling sector through the process.
As far as the UK remote gambling sector is concerned, the RGA GDPR Guidance should be read in association with information and guidelines provided by the Information Commissioner’s Office (ICO). The latter is currently entitled with regulatory and advisory functions in terms of the legislation.
Key Aspects of RGA Guideline
Right in the beginning of the GDPR Guidance, the RGA states that the major purpose of the publication is to help iGaming operators to comply with the obligations they have under the GDPR. In addition, the Remote Gambling Association explained that was the first step towards a unified Code of Conduct for the online gambling sector once the Regulation 2016/679 is fully implemented.
As mentioned above, the Association is aimed at making the Regulation’s integration process easier, which is why it has been aimed at providing more information on the implementation process. The Regulation itself is not especially designed to provide detailed information or advice on the aspects of the GDPR.
The guidance, which was issued yesterday by the RGA, answers some major questions related with the Regulation. It provides further information about the cases in which a Data Protection Officer (DPO) is required and pays attention to another building block in preparing for the new GDPR requirements – data protection impact assessments (DPIA). In addition, further information about the lawful basis for processing personal data in the remote gambling sector has been provided by the RGA.
The largest online gambling association in the world also provided more detailed information related to the definition of “consent” and more details aimed at clarifying in which situations consent is needed. The same applies to the term “legitimate interests”.
The RGA provided guidelines related to security and profiling, too. The published guidance also paid more detailed attention to “special category data”, as well as to terms such as “portability” and “right to be forgotten” and “retention”. Last, but not least, the Association provided more details about the rights of the data subject.
