On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect, causing concern among some individuals that the new regulation could harm the trend of self-exclusion.
The GDPR is a new regulation aimed at protecting the privacy and data of individuals within the European Union and European Economic Area. It requires companies to obtain clear consent from individuals before collecting and processing their data and allows individuals to request the deletion of their data.
However, the use of explicit consent has created concerns for gambling operators, who fear that third-party tools used by customers for self-exclusion could impact their ability to catch potential problem gamblers early. Nevertheless, experts have concluded that operators can rely on their legitimate interests to hold and process customer data, but they must demonstrate compliance and keep a record of their assessment.
The UK Gambling Commission's license conditions and codes of practice emphasize social responsibility, which may explain why self-exclusion policies are more complex in the UK compared to other locations like Malta, which is rolling out a remote self-exclusion method. To comply with the GDPR, companies must make their privacy policy transparent, allowing customers to quickly find out how to contact the data controller and exercise their right to access their own information.
The Information Commissioner's Office (ICO) has issued updated guidance on the GDPR, assuring organizations that they will be a fair and proportionate regulator and advising those who are not yet compliant to not panic.