EGBA Publishes New Data Protection Code of Conduct

  • New Code of Conduct provides specific rules and guidance for GDPR compliance
  • Operators must increase transparency and set out a compliance framework
  • The Code covers a number of areas including VIP accounts and enhancing portability rights
  • EGBA aims to protect the personal data of 16.5 million customers
GDPR logo with woman using iPad
The EGBA has established a new Code of Conduct to ensure gambling operators are GDPR compliant. [Image: Shutterstock.com]

Extra guidance

The European Gaming and Betting Association (EGBA) has established a new Code of Conduct for data protection. The code sets out specific rules and guidance to assist the online gambling industry in complying with EU General Data Protection Regulation (GDPR), originally passed in April 2016.

driving standards in the online gambling sector ”

The Code is one of Europe’s first sector-specific self-regulatory initiatives and the EGBA is introducing it with the aim of “driving standards in the online gambling sector.” The regulatory body advised its members that they must adhere to the new guidance, which will be monitored by an independent third-party.

In order to comply with the Code, operators must establish a framework which covers its core areas, including data mapping, risk assessment, documentation and review, lawful basis analysis, assessment, and amendment.

Taking a closer look

By making use of case studies, summaries, and examples of good practices for operators, the EGBA has introduced specific measures in relation to a number of different areas surrounding the use of data.

The Code includes rules to enable customers to transfer their personal data from one company to another in an easier and more secure way – something the EGBA has labelled “enhancing portability rights.”

There is also guidance for establishing VIP accounts, with advice on how to create accounts for high-rollers in a way that respects their privacy and the use of personal data.

The EGBA outlines three overriding obligations for operators under the GDPR code. Operators must identify and understand the personal data which they process, ensure that they understand and comply with legal obligations when processing that data, and be accountable for and document those compliance activities.

Safer gambling and fraud detection are also addressed. The Code explains how operators should balance a customer’s privacy rights against the need to protect them from problem gambling and establishes measures to prevent fraud and ensure data is used to comply with applicable laws.

The mission objective

In a statement on the regulatory body’s website, Maarten Haijer, secretary general of the EGBA, outlined the main objectives of the Code of Conduct.

protecting the personal data of our 16.5 million customers ”

Haijer commented: “On the two-year anniversary of the GDPR, issues around data protection, privacy and the use of personal data are still a concern for many European citizens. That’s why we’re pleased to introduce this new code which demonstrates the online gambling sector’s commitment to protecting the personal data of our 16.5 million customers and supporting the success of the GDPR.”

Haijer urged operators to be even more transparent by stating clearly when personal information is stored and for what purpose it is used, although legally this must already be covered in any Privacy Policy.

Leave a Reply

Your email address will not be published. Required fields are marked *