01332 340 211

Gambling regulations and the General Data Protection Regulation

gambing and gdpr

Gambling and GDPR: what does the new data protection regulation mean for compliance with gambling regulatory requirements?

On 25 May 2018, the new data protection legislation came into force both in the UK and across the EU on this date. It demands more from organisations in terms of accountability for their use of personal data and adds to the existing rights of individuals.  It is not, however, a total revolution but builds on foundations which have been in place for the last 20 years.  Many of the fundamentals of data protection remain the same.

What is the Gambling Commission’s stance on GDPR?

There have been concerns expressed to the Gambling Commission that the General Data Protection Regulation will affect what actions can be taken to tackle issues such as problem gambling and gambling associated crime.

Their view is that GDPR is not intended to prevent operators from taking steps which are necessary for the public interest or are necessary to comply with regulatory requirements under a Gambling Licence.

They state that GDPR should not be improperly used as an excuse to avoid taking steps which enable compliance with Licence conditions, promote socially responsible gambling and promote the Licensing Objectives.

Changes to consent under GDPR

Consent is one lawful basis for processing personal data and an indication of consent must be unambiguous and involve a clear affirmative action.   GDPR gives a specific right to withdraw consent and people need to know about their right to withdraw.  It is not true that data can only be processed if an organisation has explicit consent to do so.  The new Law provides five lawful grounds for processing data and in the context of personal data needed to comply with gambling regulation, these other lawful grounds may be more appropriate than consent.

As well as consent, the other legitimate purposes for processing data include:

  • Processing that is necessary for compliance with a legal obligation to which the data controller is subject.
  • Processing that is necessary for the performance of a contract to which the data subject is the party or in order to take steps at the request of the data subject prior to entering into a contract.
  • Processing is necessary for the performance of a task carried out in the public interest.
  • Processing is necessary for the purposes of the legitimate interest pursued by the controller or by a third party (except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data).

Operating licences will contain conditions requiring operators to put into effect procedures to allow for exclusion, to prevent money laundering and to combat problem gambling.  It will be necessary for operators to obtain and process personal data in order to comply with these requirements.  It will also be necessary for operators to securely retain data for a period of time in order to evidence compliance with the Gambling Commission in the event of an investigation.  Consideration should, therefore, be given to this when determining whether there is an ongoing legitimate purpose for obtaining, processing and retaining personal data.

You should note that whilst GDPR gives data subjects the right to request their personal data is erased, this right to erasure is not unrestricted and in particular you may not need to comply with such requests if retention of the data is still necessary for relation to an identified lawful basis.

If you require any further help with this topic, you can either contact our Licensing team or our Commercial team on 01332 340 211.

< Back
All News >


Contact us


If you have received a letter from our Debt Recovery team, please refer to the contact details provided in the letter to ensure your enquiry is dealt with promptly by the correct member of our team.

For all other enquiries, please complete the form below.

Derby Head Office:
St. Michael’s Court
St. Michael’s Lane
Tel: 01332 340 211
Fax: 01332 207 601
DX: 729320 Derby 24
SRA number: 509657

54, St. John Street
Tel: 01335 342 208
Fax: 01335 342 010
DX: 26834 Ashbourne
SRA number: 511804

Opening Times:
Our offices are open Monday to
Friday between 08:00 & 18:00

Contact us