EGBA Updates EU GDPR Publishing Code Of Conduct

The European Gaming and Betting Association (EGBA) has upgraded its data protection measures to ensure compliance with EU GDPR regulations by publishing a sector-specific Code of Conduct.

The Code of Conduct on Data Protection in Online Gambling will outline a number of industry data protection standards, strengthening compliance by the sector with GDPR.

All members of the EGBA will adhere to the Code, which will also be open for signature with other EU / EEA-licensed online gambling companies. An independent third party supervisory body will control compliance with the Law.

EGBA secretary general Maarten Haijer commented: “On the 2-year anniversary of the GDPR, issues around data protection, privacy and the use of personal data are still a concern for many European citizens. That’s why we’re pleased to introduce this new code which demonstrates the online gambling sector’s commitment to protecting the personal data of our 16.5 million customers and supporting the success of the GDPR.

“We’re pleased to be one of Europe’s first industry sectors to introduce a self-regulatory code which supports compliance with GDPR. Data, and how it is used, is playing an increasingly important role in how citizens and businesses interact online – and the online gambling sector is no different.

“This code outlines how online gambling companies should ensure their customers understand how their personal data is being used and provides important guidance on how companies should use personal data in their interactions with customers, including how they identify and address problem gambling behaviour in their customers.”

The Code lays down specific measures and best practises to:

  • Enhancing portability rights – including rules to enable customers to transfer their personal data from company to company in an easier and secure way (including rules for player account registration, transactions history, marketing preferences, etc).
  • Supporting transparency – specifying what needs to be contained in a company’s privacy policy and which are the possible exceptions to the transparency principle, in view of the specificities of the sector.
  • Protecting against breaches of personal data – online gambling companies are required to introduce a plan to prevent and/or mitigate against breaches of personal data.
  • Establishing VIP accounts – how companies should establish player accounts for “VIP” customers in a way which respects privacy and the use of personal data.
  • Safer gambling – how companies should balance a customer’s privacy rights against the need to protect them from problem gambling.
  • Direct marketing – guidance on how to protect customer data during direct marketing and to prevent self-excluded customers from receiving direct marketing.
  • Detecting fraud – measures to prevent fraud and ensure data is used to comply with applicable laws.