On May 25, 2018, the General Data Protection Regulation (GDPR) came into effect, causing concern among some individuals that the new regulation could harm the trend of self-exclusion.
The GDPR is a new regulation aimed at protecting the privacy and data of individuals within the European Union and European Economic Area. It requires companies to obtain clear consent from individuals before collecting and processing their data and allows individuals to request the deletion of their data.
However, the use of explicit consent has created concerns for gambling operators, who fear that third-party tools used by customers for self-exclusion could impact their ability to catch potential problem gamblers early. Nevertheless, experts have concluded that operators can rely on their legitimate interests to hold and process customer data, but they must demonstrate compliance and keep a record of their assessment.
The Information Commissioner's Office (ICO) has issued updated guidance on the GDPR, assuring organizations that they will be a fair and proportionate regulator and advising those who are not yet compliant to not panic.