At the launch event for GamProtect on Wednesday 11 September 2024, BGC Head of Policy Steph Wong moderated a Data Protection Officer (DPO) panel. In attendance was Entain Chief Protection Officer Andreas Klug, Entain Interim DPO for UK & Ireland Jacqueline Gazey and Evoke Group Data Protection Officer Joseph Gaunt.
The even follows swiftly from the official appointment of Grainne Hurst as CEO of the Betting and Gaming Council – a key facilitator of the scheme. Gambling Insider covered two other panels hosted earlier in the day, headed by GamProtect Chair of the Board and Gamesys Operations Managing Director Kane Purdy and Gambling Commission Executive Director of Research and Policy Tim Miller.
The three panellists, who have worked closely alongside the development of GamProtect, covered work done to date, future plans and a range of other topics. Below are just a few topics brought up by Wong during the panel.
Wong: The single-customer view challenge was put out in 2020 in Birmingham. What was the expectation back then?
“It was a very cold February day, just ahead of Covid,” recounted Klug. “It was a challenge accepted by the BGC and major operators,” with a first step being the realisation that financial services and data experts will be needed for the process to start.
Despite how long other feats of financial technology take to develop, such as open banking, the launch of GamProtect took less than half a decade; “I’ll take that as an achievement,” Klug said.
Having a system that was “proportionate” was a notable development point for Klug. As he put it, no one wants to see the Queen on the gambling register because she likes betting on the horses.
Klug went on to highlight the specific segment of the act that allowed for GamProtect to operate under data protection law. Initially, the ICO took the stance that the whole concept was based on sensitive data. However, after the development of a sandbox to develop the scheme, a framework was developed. Then, “the show began in 2023,” when the trial began. “Rather than sharing sensitive data, just share a flag... by doing that, we avoid sharing sensitive data,” he explained.
What was your part in the DPO group?
“I think the key word of the day is collaboration,” said Gaunt. “The analogy I’d use is, have you ever tried to do a 1,000-piece puzzle with your friends and family... You find the edge pieces, that piece is a face... you bring the pieces together,” but that can only be done with collaboration.
“We knew what we were doing was so important, that these people were so vulnerable. That helped us sharpen our focus,” he said. “I’m really proud of everything that we’ve done.”
Data is held for 47 years. How did you come up with that?
Indeed, when looking on the GamProtect site, it breaks down how data is stored. This includes the initial five-year exclusion period, a 35-year residual exclusion period and an additional seven-year archival period. When assessing a viable data retention length in relation to gambling addiction, Gaunt said: “It’s potentially a lifetime.”
While the five-year mandatory exclusion is understandable, when asked how the 35-year residual was decided, Gaunt explained that, for vulnerable children, their data is held for 35 years. He felt this was a “really good read across” for vulnerable players; something now set in the GamProtect system.
As of 8 September, there are over 5,500 players on the scheme. Can you tell us about the redress process?
Gazey assumed there would be a lot of complaints at the start – something that has not been the case so far, but something that may increase as the scheme becomes more widespread. “We can’t ignore the fact that individuals, within that five-year period, have the right to complain. Anyone can come to us and say we disagree... at any point.”
She explained that a redress can be overridden if the player is shown to have legitimate and valid problem gambling behaviours, however.
Tell us about orphan data
Orphan data is a concept where data will be removed, disconnected, or otherwise abandoned in the interest of data security and safety. Said Klug: “When we conceived the scheme, we wanted to avoid sharing sensitive customer data.”
The individuals registered under the GamProtect scheme are vulnerable, with some having histories of a lot of personal strife or tragedy, he explained. Orphaning data allows for this information to be looked over with custodial integrity, especially when considering the potential of data breaches where this sensitive data could be at risk.
Other use cases for GamProtect and data protection
The scheme is still one that is growing and developing, with additional use cases on the horizon as GamProtect grows. Asking if the system used now will be the same used in any further use cases, Gazey said: “The reality is we will have to go through the process again... what data should we share... the retention times... We’ve learnt as we’ve gone, but it will be a different ball game.”