Published
OnlineLand-BasedLegal & RegulatoryIndustryCSR

GamProtect launch event: Data Protection Officer discussion

The panel, moderated by BGC Head of Policy Steph Wong, discussed topics including the project's inception, the importance of looking after vulnerable players and the reason for the 47-year data retention length.

gamprotect 3

At the launch event for GamProtect on Wednesday 11 September 2024, BGC Head of Policy Steph Wong moderated a Data Protection Officer (DPO) panel. In attendance was Entain Chief Protection Officer Andreas Klug, Entain Interim DPO for UK & Ireland Jacqueline Gazey and Evoke Group Data Protection Officer Joseph Gaunt.

The even follows swiftly from the official appointment of Grainne Hurst as CEO of the Betting and Gaming Council – a key facilitator of the scheme. Gambling Insider covered two other panels hosted earlier in the day, headed by GamProtect Chair of the Board and Gamesys Operations Managing Director Kane Purdy and Gambling Commission Executive Director of Research and Policy Tim Miller.

The three panellists, who have worked closely alongside the development of GamProtect, covered work done to date, future plans and a range of other topics. Below are just a few topics brought up by Wong during the panel.

Wong: The single-customer view challenge was put out in 2020 in Birmingham. What was the expectation back then?

“It was a very cold February day, just ahead of Covid,” recounted Klug. “It was a challenge accepted by the BGC and major operators,” with a first step being the realisation that financial services and data experts will be needed for the process to start.

Despite how long other feats of financial technology take to develop, such as open banking, the launch of GamProtect took less than half a decade; “I’ll take that as an achievement,” Klug said.

Having a system that was “proportionate” was a notable development point for Klug. As he put it, no one wants to see the Queen on the gambling register because she likes betting on the horses.

Klug went on to highlight the specific segment of the act that allowed for GamProtect to operate under data protection law. Initially, the ICO took the stance that the whole concept was based on sensitive data. However, after the development of a sandbox to develop the scheme, a framework was developed. Then, “the show began in 2023,” when the trial began. “Rather than sharing sensitive data, just share a flag... by doing that, we avoid sharing sensitive data,” he explained.

What was your part in the DPO group?

“I think the key word of the day is collaboration,” said Gaunt. “The analogy I’d use is, have you ever tried to do a 1,000-piece puzzle with your friends and family... You find the edge pieces, that piece is a face... you bring the pieces together,” but that can only be done with collaboration.

“We knew what we were doing was so important, that these people were so vulnerable. That helped us sharpen our focus,” he said. “I’m really proud of everything that we’ve done.”

Data is held for 47 years. How did you come up with that?

Indeed, when looking on the GamProtect site, it breaks down how data is stored. This includes the initial five-year exclusion period, a 35-year residual exclusion period and an additional seven-year archival period. When assessing a viable data retention length in relation to gambling addiction, Gaunt said: “It’s potentially a lifetime.”

While the five-year mandatory exclusion is understandable, when asked how the 35-year residual was decided, Gaunt explained that, for vulnerable children, their data is held for 35 years. He felt this was a “really good read across” for vulnerable players; something now set in the GamProtect system.

As of 8 September, there are over 5,500 players on the scheme. Can you tell us about the redress process?

Gazey assumed there would be a lot of complaints at the start – something that has not been the case so far, but something that may increase as the scheme becomes more widespread. “We can’t ignore the fact that individuals, within that five-year period, have the right to complain. Anyone can come to us and say we disagree... at any point.”

She explained that a redress can be overridden if the player is shown to have legitimate and valid problem gambling behaviours, however.

Tell us about orphan data

Orphan data is a concept where data will be removed, disconnected, or otherwise abandoned in the interest of data security and safety. Said Klug: “When we conceived the scheme, we wanted to avoid sharing sensitive customer data.”

The individuals registered under the GamProtect scheme are vulnerable, with some having histories of a lot of personal strife or tragedy, he explained. Orphaning data allows for this information to be looked over with custodial integrity, especially when considering the potential of data breaches where this sensitive data could be at risk.

Other use cases for GamProtect and data protection

The scheme is still one that is growing and developing, with additional use cases on the horizon as GamProtect grows. Asking if the system used now will be the same used in any further use cases, Gazey said: “The reality is we will have to go through the process again... what data should we share... the retention times... We’ve learnt as we’ve gone, but it will be a different ball game.”

Premium+ Connections
Premium
 
Premium
 
Premium
 
Premium
 
Premium
 
Premium
 
Premium
 
 
 
Premium
 
Premium
 
Premium
 
Premium
 
 
Premium Connections
Consultancy
Executive Profiles
Gaming and Leisure Properties
Passport Technology
PrizePicks
Choctaw Casinos & Resorts
Follow Us

Facing Facts: Analysing North American sports betting and iGaming operators performance in 2024

How have sports betting and iGaming in North America been de...

Taking Stock: A guide to land-based operator and supplier prices

Gambling Insider tracks land-based operator and supplier pri...

Previewing G2E 2024 in Las Vegas

The Global Gaming Expo returns to the Venetian Las Vegas for...

Preview: Global Gaming Awards EMEA 2025

The gaming industry’s most prestigious Awards ceremony tak...