WHAT CHANGES WITH THE EU DATA PROTECTION REGULATION FOR GAMBLING - - PowerPoint PPT Presentation

www.dlapiper.com Thursday, June 9, 2016

Thursday, June 9, 2016

WHAT CHANGES WITH THE EU DATA PROTECTION REGULATION FOR GAMBLING COMPANIES?

Speakers: Giulio Coraggio – DLA Piper, Milan Antoon Dierick – DLA Piper, Brussels Richard van Schaik – DLA Piper, Amsterdam

*This presentation is offered for informational purposes only, and the content should not be construed as legal advice on any matter.

www.dlapiper.com 1 Thursday, June 9, 2016

Our DLA Piper team today

Giulio Coraggio DLA Piper, Milan Antoon Dierick DLA Piper, Brussels Richard van Schaik DLA Piper, Amsterdam

www.dlapiper.com 2 Thursday, June 9, 2016

Agenda

1. Timing, scope and importance of the GDPR for gambling companies 2. What changes for gambling companies? 3. What to do to be ready in 2018 4. How DLA Piper can help you

www.dlapiper.com 3 Thursday, June 9, 2016

A single data protection law across the whole European Union, with some exceptions… Put May 25, 2018 on your calendar!

Timing, scope and importance of the GDPR for gambling companies > Timing

www.dlapiper.com 4 Thursday, June 9, 2016

 Purpose of the GDPR: Protection constitutional rights and fundamental freedom of individuals; more in particular protection of personal data.  Personal data: "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person"

Personal data

Timing, scope and importance of the GDPR for gambling companies > Scope

www.dlapiper.com 5 Thursday, June 9, 2016

It applies wherever you are located both

One-stop-shop benefits

Timing, scope and importance of the GDPR for gambling companies > Scope

www.dlapiper.com 6 Thursday, June 9, 2016

Whether you are an operator or a supplier…

New obligations for data processor Renegotiating data processing agreements?

Timing, scope and importance of the GDPR for gambling companies > Scope

www.dlapiper.com 7 Thursday, June 9, 2016

Why is it so important for gambling companies?

Large amount of data

Sensitive data betting

(behavior, financial transactions etc.)

Deep profiling of customers Often transferred cross border

Timing, scope and importance of the GDPR for gambling companies > Importance

www.dlapiper.com 8 Thursday, June 9, 2016

And the potential sanctions are now massive

• f the global turnover

New accountability principle

Timing, scope and importance of the GDPR for gambling companies > Importance

www.dlapiper.com 9 Thursday, June 9, 2016

Also, cyber-risk becomes a higher threat

in case of data breach….

Security measures adequate or not?

Timing, scope and importance of the GDPR for gambling companies > Importance

www.dlapiper.com 10 Thursday, June 9, 2016

Agenda

1. Timing, scope and importance of the GDPR for gambling companies 2. What changes for gambling companies? 3. What to do to be ready in 2018 4. How DLA Piper can help you

www.dlapiper.com 11 Thursday, June 9, 2016

You can still collect data

PRIVACY INFORMATION NOTICE More details on data processing CONSENT freely given, specific, informed and unambiguous by a statement/affirmative action CONTRACT PERFORMANCE Performance cannot be made conditional to consent, if processing not necessary LEGITIMATE INTEREST Prevention of fraud, but also marketing?

What changes for gambling companies > Data collection requirements

www.dlapiper.com 12 Thursday, June 9, 2016

You can't stop developing your products, so what to change in your gaming platform and organization?

Better defense!

Privacy by design and privacy by default

Security by design

Data Protection Officer

What changes for gambling companies > Additional GDPR requirements

www.dlapiper.com 13 Thursday, June 9, 2016

Is your players' profile portable?

Keeping the VIP status Disclosing trade secrets?

What changes for gambling companies > Player data portability

www.dlapiper.com 14 Thursday, June 9, 2016

Transferring of data outside the EEA

Same rules but…

What changes for gambling companies > International data transfers

www.dlapiper.com 15 Thursday, June 9, 2016

Are you going to be certified?

Regulatory approval Gambling certification Privacy certification

Where is the burden of the privacy certification going to stand?

What changes for your company? > Certification

www.dlapiper.com 16 Thursday, June 9, 2016

Agenda

1. Timing, scope and importance of the GDPR for gambling companies 2. What changes for gambling companies? 3. What to do to be ready in 2018 4. How DLA Piper can help you

www.dlapiper.com 17 Thursday, June 9, 2016

• 1. Mapping the data that is currently processed within the group and assessing

whether all data processing is necessary

• 2. Assessing how data is processed by the company and the technical

infrastructure – review of internal policies (if any) – review of technical functioning of gaming platform/client components

• 3. Deleting data that is not necessary and represents only a potential risk
• 4. Reviewing the current data processing agreements

What is on your immediate to do list?

What to do to be ready in 2018 > To do list

www.dlapiper.com 18 Thursday, June 9, 2016

• 5. Assessing whether the current group structure is privacy efficient under the
• ne-stop-shop rule
• 6. Appointing a data protection officer (or outsourcing this function to a third party)
• 7. Planning the implementation of:
• 1. Internal policies
• 2. Privacy impact assessment
• 3. Privacy by design and privacy by default
• 4. Security by design

What is on your immediate to do list? (ii)

What to do to be ready in 2018 > To do list

www.dlapiper.com 19 Thursday, June 9, 2016

Agenda

1. Timing, scope and importance of the GDPR for gambling companies 2. What changes for gambling companies? 3. What to do to be ready in 2018 4. How DLA Piper can help you

www.dlapiper.com 20 Thursday, June 9, 2016

How DLA Piper can help you > DLA Piper GDPR Compliance Methodology

• GDPR impact assessment: Tailored

assessment of the relevance of the GDPR provisions

• Gap analysis: Analysis of the actual level of

compliance

• Internal evaluation and prioritization:

Determining the company’s risk appetite and action plan

• Implementation: During this phase, the

action points identified in the action plan during Module 3 will be implemented. This should result in taking the necessary measures to achieve compliance with GDPR requirements

• Consolidation of compliance: Avoiding

GDPR infringements (internal and external documentation)

www.dlapiper.com 21 Thursday, June 9, 2016

How DLA Piper can help you > DLA Piper standard privacy tools

www.dlapiper.com 22 Thursday, June 9, 2016

Access our Data Protection Laws of the World Handbook at www.dlapiperdataprotection.com How DLA Piper can help you > Stay informed

www.dlapiper.com 23 Thursday, June 9, 2016

Questions?

Giulio Coraggio DLA Piper, Milan Giulio.Coraggio@dlapiper.com Antoon Dierick DLA Piper, Brussels Antoon.Dierick@dlapiper.com Richard van Schaik DLA Piper, Amsterdam Richard.vanSchaik@dlapiper.com