WHAT CHANGES WITH THE EU DATA PROTECTION REGULATION FOR GAMBLING - PowerPoint PPT Presentation

WHAT CHANGES WITH THE EU DATA PROTECTION REGULATION FOR GAMBLING COMPANIES? Thursday, June 9, 2016 Speakers: Giulio Coraggio – DLA Piper, Milan Antoon Dierick – DLA Piper, Brussels Richard van Schaik – DLA Piper, Amsterdam *This presentation is offered for informational purposes only, and the content should not be construed as legal advice on any matter. www.dlapiper.com Thursday, June 9, 2016 0

Our DLA Piper team today Giulio Coraggio Antoon Dierick Richard van Schaik DLA Piper, Brussels DLA Piper, Milan DLA Piper, Amsterdam www.dlapiper.com Thursday, June 9, 2016 1

Agenda 1. Timing, scope and importance of the GDPR for gambling companies 2. What changes for gambling companies? 3. What to do to be ready in 2018 4. How DLA Piper can help you www.dlapiper.com Thursday, June 9, 2016 2

Timing, scope and importance of the GDPR for gambling companies > Timing A single data protection law across the whole European Union, with some exceptions… Put May 25, 2018 on your calendar! www.dlapiper.com Thursday, June 9, 2016 3

Timing, scope and importance of the GDPR for gambling companies > Scope Personal data  Purpose of the GDPR : Protection constitutional rights and fundamental freedom of individuals; more in particular protection of personal data.  Personal data: "any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person" www.dlapiper.com Thursday, June 9, 2016 4

Timing, scope and importance of the GDPR for gambling companies > Scope It applies wherever you are located both One-stop-shop benefits www.dlapiper.com Thursday, June 9, 2016 5

Timing, scope and importance of the GDPR for gambling companies > Scope Whether you are an operator or a supplier… Renegotiating data processing agreements? New obligations for data processor www.dlapiper.com Thursday, June 9, 2016 6

Timing, scope and importance of the GDPR for gambling companies > Importance Why is it so important for gambling companies? Sensitive data Deep profiling of betting customers (behavior, financial transactions etc.) Large amount of data Often transferred cross border www.dlapiper.com Thursday, June 9, 2016 7

Timing, scope and importance of the GDPR for gambling companies > Importance And the potential sanctions are now massive of the global turnover New accountability principle www.dlapiper.com Thursday, June 9, 2016 8

Timing, scope and importance of the GDPR for gambling companies > Importance Also, cyber-risk becomes a higher threat Security measures adequate or not? in case of data breach…. www.dlapiper.com Thursday, June 9, 2016 9

Agenda 1. Timing, scope and importance of the GDPR for gambling companies 2. What changes for gambling companies? 3. What to do to be ready in 2018 4. How DLA Piper can help you www.dlapiper.com Thursday, June 9, 2016 10

What changes for gambling companies > Data collection requirements You can still collect data PRIVACY INFORMATION NOTICE More details on data processing CONSENT CONTRACT PERFORMANCE freely given, specific, LEGITIMATE INTEREST informed and Performance cannot be Prevention of fraud, but unambiguous by a made conditional to also marketing? statement/affirmative consent, if processing not action necessary www.dlapiper.com Thursday, June 9, 2016 11

What changes for gambling companies > Additional GDPR requirements You can't stop developing your products, so what to change in your gaming platform and organization? Data Protection Officer Security by design Privacy by design and privacy by default Better defense! www.dlapiper.com Thursday, June 9, 2016 12

What changes for gambling companies > Player data portability Keeping the VIP status Is your players' profile portable? Disclosing trade secrets? www.dlapiper.com Thursday, June 9, 2016 13

What changes for gambling companies > International data transfers Transferring of data outside the EEA Same rules but… www.dlapiper.com Thursday, June 9, 2016 14

What changes for your company? > Certification Are you going to be certified? Privacy certification Gambling certification Where is the burden of the privacy certification going to stand? Regulatory approval www.dlapiper.com Thursday, June 9, 2016 15

Agenda 1. Timing, scope and importance of the GDPR for gambling companies 2. What changes for gambling companies? 3. What to do to be ready in 2018 4. How DLA Piper can help you www.dlapiper.com Thursday, June 9, 2016 16

What to do to be ready in 2018 > To do list What is on your immediate to do list? 1. Mapping the data that is currently processed within the group and assessing whether all data processing is necessary 2. Assessing how data is processed by the company and the technical infrastructure – review of internal policies (if any) – review of technical functioning of gaming platform/client components 3. Deleting data that is not necessary and represents only a potential risk 4. Reviewing the current data processing agreements www.dlapiper.com Thursday, June 9, 2016 17

What to do to be ready in 2018 > To do list What is on your immediate to do list? (ii) 5. Assessing whether the current group structure is privacy efficient under the one-stop-shop rule 6. Appointing a data protection officer (or outsourcing this function to a third party) 7. Planning the implementation of: 1. Internal policies 2. Privacy impact assessment 3. Privacy by design and privacy by default 4. Security by design www.dlapiper.com Thursday, June 9, 2016 18

Agenda 1. Timing, scope and importance of the GDPR for gambling companies 2. What changes for gambling companies? 3. What to do to be ready in 2018 4. How DLA Piper can help you www.dlapiper.com Thursday, June 9, 2016 19

How DLA Piper can help you > DLA Piper GDPR Compliance Methodology  GDPR impact assessment : Tailored assessment of the relevance of the GDPR provisions  Gap analysis : Analysis of the actual level of compliance  Internal evaluation and prioritization : Determining the company’s risk appetite and action plan  Implementation : During this phase, the action points identified in the action plan during Module 3 will be implemented. This should result in taking the necessary measures to achieve compliance with GDPR requirements  Consolidation of compliance : Avoiding GDPR infringements (internal and external documentation) www.dlapiper.com Thursday, June 9, 2016 20

How DLA Piper can help you > DLA Piper standard privacy tools www.dlapiper.com Thursday, June 9, 2016 21

How DLA Piper can help you > Stay informed Access our Data Protection Laws of the World Handbook at www.dlapiperdataprotection.com www.dlapiper.com Thursday, June 9, 2016 22

Questions? Giulio Coraggio Antoon Dierick Richard van Schaik DLA Piper, Brussels DLA Piper, Milan DLA Piper, Amsterdam Antoon.Dierick@dlapiper.com Giulio.Coraggio@dlapiper.com Richard.vanSchaik@dlapiper.com www.dlapiper.com Thursday, June 9, 2016 23