The EU GDPR and its impact on iGaming

Almost one year ago, ripples were felt across the global business world as the European Union rolled out its General Data Protection Regulation (GDPR).

The iGaming industry is heavily reliant on consumer data, particularly when it comes to marketing and developing products and the new laws required significant adjustments. But what exactly is GDPR and how does it impact those of us that work in the sphere of iGaming?

What is GDPR?

The GDPR is a comprehensive set of laws created by the European Union. They took si years to prepare and were designed as an update to previous privacy laws that were introduced long before the advent of technology that we see today.

According to a report by IBM, 90% of the world’s data was created in the previous 12 months and the data universe is set to be a staggering 40 times bigger by 2020.

The GDPR not only provides a significant update to the previous laws but it seeks to unify the approach to data privacy in the EU and beyond. By giving power back to the individuals,  the rules reinforce their right to have a say in if, how, when, and why their personal data is collected. It also gives them the immutable right to have personal data that is held by a third party, edited or deleted upon request. Failure of companies to adhere with the rules can result in fines equivalent to 4% of annual turnover of EUR 20 million- whichever is greater.

The rules will apply not only to European citizens within the EU, but also to those whose data is transferred outside its borders. Even if your operations and servers are not in the EU but you are still processing EU citizen data, you need to be aware of the rules and be sure you are compliant.

How does it apply to iGaming?

In such a competitive industry, a lot of reliance is placed on being able to market to current, past, and potential customers, but with GDPR this could become a little more difficult.

Under the new regulations, demonstrable consent is an integral requirement for a company being able to process a clients data. This means that you have to be able to prove that each individual opted in to you holding their data, as well as receiving marketing communications. All and any consent needs to be given actively, twice- gone are the days where opt-outs or silence can be construed as a “yes”.

When it comes to online casinos, those who are already registered would have received a notification of the new process and would have been asked to opt in to receiving further marketing communications. Any new or potential customers will have to specifically say they want to be contacted for marketing purposes.

But there is a silver lining to this cloud. Since the law was introduced, companies have now been able to market to people who are actually interested in being marketed to. Mass email credits are not wasted and marketeers can ensure that the content they send is more specifically targeted to each recipient. Many operators have noted a drop in unsubscribe rates and an increase in subscribe rates, meaning that the messages that are being delivered are much more effective.

Whilst the introduction of GDPR did cause a bit of a panic across the industry, it seems that over the last year things have adjusted well. Online operators have been forced to properly retain players and have benefitted as a result. An increase in compliance and transparency has resulted in greater client trust and satisfaction levels as well.

To find out more about operating an iGaming business within the EU, or outside of the EU, contact us today. With over two decades of experience in the sector we are able to provide solid, reliable, and efficient guidance for your corporate and business needs.