Attorney Saulius Pikturna: Gambling Companies Should Reconsider Customer Data Processing Policy
The General Data Protection Regulation (GDPR) became effective in spring 2018. It is the rules of processing personal data of EU citizens and residents. The specified requirements apply not only to European companies, but also to organizations beyond the European Union.
How has the GDPR affected the gambling sector? What will the violation of the rules result in? Saulius Pikturna, Attorney at BetGamesTV, told Russian Gaming Week about these issues.
Interviewer: Russian Gaming Week (RGW)
Respondent: Saulius Pikturna (S.P.)
RGW: The GDPR came into force a year ago. How has the document changed gambling businesses?
S.P.: The GDPR is primarily aimed at customer personal data protection. Gambling companies have treated GDPR’s new requirements quite responsibly and seriously.
Initially, gambling business representatives had to determine whether their measures for protecting customer personal data complied with the GDPR’s requirements. This process took some time and certain expenses. As the result, companies succeeding in adhering to the Regulation have gained confidence of their clients. Thus, consumers know that companies are seriously concerned about their personal data.
RGW: Tell us about the core data protection requirements to EU companies as of today. How do they differ from the data confidentiality requirements of Russian companies?
S.P.: EU companies collect, store, and process customer data, applying such principles as legitimacy, reasonability, notifications, and balance. In other words, companies engaged in information collection and processing can by no means abuse this right. They should collect only necessary data. Besides, they are not allowed to store data indefinitely. Clients can any time insist on deleting all of their information obtained by the company.
I believe that the concept and rules of customer data collection, as well as its processing and storage, are still different in Russia and the EU. It is wrong to suggest that having a client’s consent for processing their private information, companies can irresponsibly and unpunished use it at their own discretion.
RGW: What does the violation of data protection requirements result in?
S.P.: All European countries have government institutions that monitor the GDPR fulfillment. The state, as a controller, imposes penalties on companies violating the GDPR.
For example, in 2018, a company from Germany was fined €20,000; an operator from Portugal was fined €400,000; and a firm from France was fined €50 million.
And there’s more, as every victim can file a civil suit against the company, but such a situation has not happened yet.
RGW: How do the data protection requirements affect the gambling business growth?
S.P.: On the one hand, companies should reconsider the customer data processing policy, which will require certain expenditures. On the other hand, these steps are made for clients and their trust in organizations.
RGW: What will you talk about at Russian Gaming Week?
S.P.: I will examine all above-mentioned issues and topics in detail.
By the way, the GDPR has targeted not only clients, but also personnel engaged in gambling venues. Employers also have more obligations because of the GDPR. I will share this information with the audience at Russian Gaming Week.
At RGW 2019, Saulius Pikturna will make a presentation: Requirements for confidentiality of customer (user) personal data during cooperation with partners in the EU countries.
Discover more about GDPR features from the specialist.