Are Gambling Operators and Affiliates ready for GDPR changes

In May 2018, Europe will switch to the updated rules for the processing of personal data, established by the General Data Protection Regulation (GDPR). This regulation, having direct effect in all 28 EU countries, will replace the framework the directive on the protection of personal data 95/46 / EC of October 24, 1995. An important nuance of the GDPR is the extraterritorial principle of the operation of the new European rules for the processing of personal data.

The new regulations provide EU residents with the tools to fully control their personal data. Since May 2018, the responsibility for violating the rules for the processing of personal data has been toughened: according to the GDPR, fines amount can reach up to 20 million euros (or 4% of the company’s annual gross income.

But how these changes will influence the online gambling industry? This will certainly has an impact on the relations between online casinos, i.e. operators, and affiliates, comprising affiliate programs.

The GDPR has an extraterritorial effect and is applied to all companies that process personal data of residents and EU citizens, regardless of the location of such a company. Recently, numerous companies appear to break the laws dealing with collecting personal data. And this situation is more than frequent among online companies.

Affiliates in online gambling advertise the websites of operators earning a commission. On the other hand, operators run the game websites with certain rules and conditions that give the chance to customers to play by these rules. It is obvious that operators will try to keep the best affiliates rewarding them with considerable income.

In the text of the GDPR there are such concepts as “controller” and “processor”. The controller determines the specific goals and means of processing, and the processor, in turn, carries out further processing of the PDN on behalf of the controller. In online gambling operators will play a role of controllers after the player comes to the website.

Nevertheless, up to this point the affiliates, most likely, will be controllers of data as they are the only party participating in games before connecting players to operators. It means that affiliates can bear responsibility for any violation of data protection at this stage.

Besides, operators will probably consider the possibility of change and adaptation of the affiliate T & Cs, according to which all parties have to define an exact role of the affiliate regardless of the fact what is written in the affiliate’s T & C.

There are several significant moments, which each affiliate has to observe according to new GDPR:

• Transparency, i.e., persons whose personal data are processed, have to be informed on how their data will be processed.
• Accountability. The controllers will bear responsibility for respecting the principles of GDPR.
• Consent demonstration. This will allow controllers to produce the evidence that the subject of data has given the consent to collecting and data processing.
• The right to object to marketing
• Record of processing. Each controller should keep account of the processing.

In view of told above, operators have to be convinced that their affiliates carry out direct marketing only if and when this person has given the consent. Without any doubts, new GDPR will reconsider the relations between operators and affiliates and how this influence the players.