Entrevistas e Editoriais
COVID-19, GDPR and Online Gaming Business
What should operators have in mind when developing online business? #
Zlatan Omerspahić, Head of Legal and Compliance at NSoft: All industries, with no exception, have a common denominator for the year 2020. It is financial uncertainty.
Lockdown hit some niches hard. Many businesses were closed in a scenario we have never seen before. COVID-19 pandemic has brought the economies of all countries to a standstill. Betting and gaming industry wasn’t an exception, especially in the retail channel where the restrictions are still in force to a lesser or larger degree at almost all markets.
Still, the fact is that the internet gaming industry has a great chance to become the most popular betting channel. As always, the necessity is the mother of invention - in our case digitalisation. Understandably, the pandemic and the lockdown were a driving force for many operators to invest in online business - whether expanding the existing online betting business or starting from scratch.
Pay attention to regulatory risk and data protection #
It’s vital to pay attention to regulatory risk regarding online business and data protection in that context. The overriding obligations of the operators are to identify and understand the personal data that they process. The operators must understand legal obligations related to data protection and document all compliance activities. Furthermore, they have an obligation to establish a compliance framework that will comply with GDPR.
What compliance framework covers? #
Compliance framework comprises of data mapping, analysis of lawful basis and risk assessment.
- Data mapping. An operator shall develop a data map of player’s data which needs to contain at least (what personal data is processed, the source of the personal data, what the personal data is used for and similar);
- Analysis of lawful basis for processing. This analysis should cover the legal basis for each processing activity (Article 6 of GDPR);
- Risk assessment. The operator shall conduct a risk assessment to determine the level of risk for processing each of the personal data categories.
If an operator wants to have an adequate compliance program related to data protection, internal or external audit should control it periodically. Besides being legally on the safe side when we speak on GDPR and data protection, the operators have to build their business on three main pillars to ensure their players’ trust.
The following principles must be met: lawfulness, fairness and transparency.
Security #
Regarding security, as a general rule, Article 32, GDPR requires controllers and processors to adopt a risk-based approach to security measures “to ensure a level of security appropriate to the risk”.
Article 32 of GDPR defines several security measures such: pseudonymisation and encryption of personal data, the ability to ensure ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data, the ability to restore the availability and access to data on time in the event of a physical or technical incident, as well as to document regular reviews of access controls, a process for regularly testing and certification mechanisms.
In the end... #
The most important thing is to ensure the implementation of these principles internally, including precise roles and obligations. The crisis is always a chance, but every responsible company needs to think about regulatory risk and reputation, especially in the data protection aspect.
Tags:
Artigos Relacionados
Entrevistas e Editoriais
12.09.2024.
The Best Cities for a Career in Software
We’ve dug into the data to identify the best cities worldwide for software careers and the most lucrative roles in the industry. From San Francisco to Amsterdam, here are some of the best cities for a software career.
Saiba mais
Entrevistas e Editoriais
03.09.2024.
Exclusivo: Dario Jurčić da NSoft Compartilha Insights da Empresa com o TheGamblest
Discover NSoft’s innovative journey as CEO Dario Jurčić discusses the Seven platform, NextGen Sportsbook, and the success of Crash Cash in a recent interview with TheGamblest.
Saiba mais
Entrevistas e Editoriais
05.08.2024.
Entrando no Mercado de Apostas Físicas? O Que Você Precisa Saber
Tudo o que você precisa saber sobre o negócio de apostas físicas, incluindo insights sobre custos, licenciamento e configuração tecnológica.
Saiba mais
Não encontrou o que estava procurando?
Nossa equipe terá o prazer de guiá-lo por nossos produtos e serviços.
Contate-nos