GDPR and Compliance in Gaming: Insights from Adriana Minovic, Betsson Group

Shirley Pulis Xerxen 10 months ago
GDPR and Compliance in Gaming: Insights from Adriana Minovic, Betsson Group

Joseph F Borg talks to Adriana Minovic, Director of Compliance and DPO at Betsson Group during a recent Sigma podcast. In this first of a two-part article, the focus is on issues of GDPR in the industry.

The effectiveness of GDPR

Asked about the effectiveness of the introduction of GDPR (General Data Protection Regulation) in the gaming industry, Minovic is of the opinion that “in general, it was definitely the way forward because the use of data is definitely becoming one of the key regulatory issues and key concerns particularly with the development of new technologies.”

According to Minovic, the introduction of GDPR was definitely necessary to raise the awareness and to start dealing with the protection of personal data and privacy. This was particularly needed in order to integrate GDPR into business practices because, she adds, data protection was “quite theoretical and not something that was tangible for every company”.

A long road ahead for GDPR

Minovic points out that the implementation of EU- legislated GDPR was put in force in 2018 and there is still much to be achieved.  Her main concern is that data protection regulation “is one of the few laws in Europe that reaches outside European territory in the sense that wherever you are located if you want to offer a service to a European resident you need to comply with GDPR.”

She is of the opinion that compliance of non-EU companies is “quite difficult”, which puts regulated operators based in Europe at a disadvantage if no action is taken against non-EU operators that do not comply. On a positive note, Minovic notes that non-EU countries are replicating and implementing a similar GDPR framework in a “copy and paste” scenario.

EU vs US approach to GDPR

Minovic points to the substantial difference in the US approach to GDPR compared to the European stance, noting that the “American approach is more pragmatic”. On the other hand, European regulators are stricter with formalities “without understanding the practical implications”. GDPR, according to her is “one of the most complex regulatory compliance mechanisms” for two main reasons. Firstly, because it is a principle-based regulation which does not explicitly lay out what should be done – the choices are few and difficult to make. Secondly, Minovic explains that GDPR is “very factual based, deeply connected to how a business operates, where it stores data and who has access to the data. She adds that this is becomes very complicated, indeed “practically impossible” to manage in large organizations that are manipulating large amounts of data.

GDPR and EGBA code of conduct

GDPR came into force within the EU in May of 2018, marking an evolution in data protection. The legislation places strict demands on the industry in terms of accountability for the use of personal data collected, adding to the rights of individuals. Following the introduction of GDPR, the burden is on companies to understand and mitigate the risks involved in the use of personal data.

Subsequently, in 2020, the European Gaming and Betting Association (EGBA) published a Code of Conduct on data protection which establishes dedicated sector-specific rules and best practices to ensure compliance with the EU GDPR and promotes the highest standards of data protection in the online gambling sector.

Adriana Minovic joined Betsson Group four years ago. She is the Director of Compliance and DPO (Data Protection Officer), a lawyer by profession specialised in various regulatory & compliance issues.

Interested in iGaming?

Join the SiGMA Balkans/ CIS regional summit happening in Limassol, Cyprus from 04-07 September 2023.

You may watch the podcast here.

Share it :

Recommended for you
Shirley Pulis Xerxen
17 hours ago
Garance Limouzy
1 day ago
Garance Limouzy
1 day ago
Garance Limouzy
1 day ago