You are about to go to the Italian version of AskGamblers
Kindly note that some features such as complaint service and forum are currently available only on the international version.
You are about to go to the German version of AskGamblers
Kindly note that some features such as complaint service and forum are currently available only on the international version.
GDPR Brings About Stricter Requirements for Gambling Industry

GDPR Changes the Relationship between Operators and Affiliates

Unless you’ve been hiding under a rock for the last year, you’ve probably come across the information about the new GDPR coming into force on May, 2018 and that it will affect the online gambling industry. Also, you might’ve heard that it will change the relationship between operators, aka online casinos and affiliates, including affiliate programs. But hold on for a second! Do you know what GDPR is in the first place? More importantly, does it affect the players as the force that needs to be protected the most? Given the significance of GDPR, here’s your opportunity to learn more about what GDPR brings to the table!

Getting Ready for the GDPR

GDPR, also known as General Data Protection Regulation, is a new EU legislation that will see its implementation on the 25th of May, 2018. The central point of GDPR focuses on bringing more efficient and stricter requirements within the EU for all companies dealing with collecting and processing personal data.

In the recent years, there have been examples of various companies breaking the laws when it comes to applying and obeying the rules related to collecting personal data, especially online. Since collecting, using and sharing personal data is a highly sensitive matter in all aspects of business and life, it’s no wonder why the impact of GDPR has been marked as a question of high priority. 

The new GDPR will modify the roles of affiliates and operators in their mutual relati­ons­hip.  

As you know, affiliates in the online gambling promote the operators’ websites for which they receive a commission. Operators, on the other hand, run gaming websites where certain rules and conditions apply, thus offering the opportunity for players to gamble under those rules. For obvious reasons, operators will do their best to attract and keep the best affiliates by providing considerable revenues.

In light of the new GDPR, revising who will be a data controller and who will act as a data processor is of vital importance. Knowing that affiliates bring players to an operator’s website to sign up, it becomes clear that the operators will take the role of controllers once a player enters their site.

However, prior to that moment, the affiliates will most likely be data controllers as they are the only party involved with players before connecting them with the operators. This also means that affiliates might be hold responsible for any data protection breach in that stage of a player’s journey.

In addition, the operators will probably consider changing and adapting the affiliate T&Cs, whereby all parties should keep in mind that the regulators will determine the precise role of an affiliate, regardless of what it is written in the affiliate’s T&Cs.      

Connection between Consent and Direct Marketing

There are several key points each affiliate will have to comply with under the new GDPR:

  • Transparency
  • Accountability
  • Demonstration of consent
  • Right to object to marketing
  • Record of processing

Transparency in this case basically means that individuals whose personal data is being processed should be informed about how their data will be processed. In terms of accountability, controllers shall be responsible for compliance with the GDPR principles.

Demonstration of consent will allow the controllers to present evidence that data subject gave their consent for the purpose of collecting and processing data. An interesting part related to direct marketing is the right to object which will be given to every individual in case where direct marketing is on the menu. 

Since direct marketing is governed by separate legislation in the UK called the Privacy and Electronic Communications Act, currently revised by the ePrivacy Regulation, this point will be additionally redefined. 

Finally, record of processing is a key point according to which it is mandatory for each controller to keep a record of its processing activities.

Having in mind the above said, the operators should make sure that their affiliates are doing direct marketing only if and where the person has given their consent. There’s no doubt whether the new GDPR will redefine the relationship between operators and affiliates. What we all expect to find out is how the operators and the affiliates will manage in the matter of liability and what the outcome of their agreement will be for the crucial link in the online gambling industry – the players.  

By subscribing you are certifying that you are over the age of 18.

Sign up for +420 No Deposit Spins!

This offer is not applicable to residents of Great Britain.

By subscribing you are certifying that you have reviewed and accepted our updated Privacy and Cookie policy.