This page contains a Flash digital edition of a book.
affect share price, capital investments and future trading.


What will the new EU Privacy Shield mean to operators?


Te new law better reflects what citizens and consumers expect and what corporates will accommodate it without too much disruption. We are at a point were the law had to change as the current regulations are 20 years old and the world has moved on. I think the regulation better reflects the way we use data today.


Tere are four main aspects to consider:


1. Te Privacy Shield will come into force in two years time as it’s in the final stages of approvals in EU system. It will produce a single unified law across the 28 members of the Union and will be a good thing generally for business in terms of letting them know exactly where they stand.


2. Te level of fines increases to €20m for most serious offences.


3. Consent will need to be more explicit. We will probably move away from pages-and-pages of terms and conditions that no one reads.


4. Finally, in the betting and gaming space, the current law only regulates data controllers, but the new law also regulates data processors, those outsourced data providers such as cloud solutions, for example, would be under the same obligation as those collecting the data, which might have a serious impact on betting and gaming where a lot of the work is contracted to intermediaries.


happen, but that’s not specific to gaming, that’s something that happens to all industries that gather personal data.


Terms and conditions won’t protect operators in terms of data loss or theft. Tey need to consider what their response is and have a plan in place to deal with it - though most organisations don’t and you see that when there’s a high profile data loss. Tat’s when you see large organisations not performing at their best.


Operators can be fined at present up to £500,000 for breaches and when the new law comes into being that will become €20m. If individuals have suffered loss, they can sue the corporation involved for not looking after their data. For the organisation to get it wrong it can be very costly, not just in terms of the fines, but also because it is reputation damaging. We can all recount companies that have suffered a data breach in the past year. However, for individuals looking to take action against the operators, the hassle and cost of taking action is prohibitive, coupled with the ‘what have you really lost’ factor. Te main issue for the company involved is the fact that it generates very negative reputation issues. I generates bad will instead of good will. If you think about companies like Talk Talk in the UK, or Sony, the data loss will


Te greatest challenge for the industry is that the new law add costs to organisations that will ultimately be passed to consumers. If operators are going to increase their protection of the customer, it’s the customer that will have to pay more. It’s not the intention of the law, but it is a consequence of it.


We don’t have any guidance as to the seriousness of the issue or problem in relation to the size of the fines imposed. We will just have to expect that the regulatory authorities will attribute the fines in relation to the offence. For example, the maximum fine in the UK at present is £500,000, but the maximum actual fine that has been handed out is £300,000. I’d imagine the same rule would apply and you’ll see the maximum fines reaching €12-14m for the most serious offences, typically involving financial or medical data.


Is there such a thing as having too much data?


A company should only gather the data that it needs, it shouldn’t gather more than is necessary. For a betting and gaming operator, they need to know the age of the consumer, because there’s a block on under 18s living in the UK. Tey need to know credit card details, but you only need it at that moment of payment, whereby you sub-contract the rest to specialist payment processors. What you don’t need are my employment details, if I’m male or female - that shouldn’t matter. You don’t need to know if I’m 19, 35 or 59 - you just need to know that I’m over 18.


The greatest challenge for the industry is that the new law


add costs to organisations that will ultimately be passed to consumers. If operators are going to increase their


protection of the customer, it’s the customer that will have to


pay more. It’s not the intention of the law, but it is a consequence of it.


Tere are also geo-location issues, were as a data collector, you have to ask ‘why am I collecting this data?’ Generally speaking, there’s a limit to how useful this data is to an organisation, and so I would generally encourage them to collect less. Again, the more data you hold the more data you need to disclose if someone makes a subject access request. It only costs the customer £10, but it could cost the operator thousands in collating that information. Te less data you hold, the less you have to provide.


Individuals should also be aware that for the purposes of crime prevention and detection, the police might make a request or gain a court order requiring disclosure of an individual’s data, including GPS location information. Such requests can be very useful if your car has been stolen and the GPS tracker in your car easily locates it. However, you might be more concerned if a private investigator was tracking you in relation to an affair you were having. In terms of handing over the data, the general rule for the operator is to ask for a court order so that you know you’re under the orders of the court. However, it might not go that far and a request for CCTV information by the police would be viewed as helping with basic enquiries.


How can operators mitigate against data issues?


Yes, through disaster control. Everyone should have a plan in place in case the worst happens, though they must also ensure robust security is in place to ensure it doesn’t happen in the first place. However, organisations do need a have a process in place as to how to deal with this issue. Companies mustn’t look like headless chickens and give consumers the confidence that they are dealing with the problem. Tere isn’t a single solution as to how to deal with an issue, but you need to make an assessment of what data has gone missing, do I need to inform the Information Commissioner, do I need to tell the Gambling Commissioner? Should I contact the individuals affected? Do I know who I’d call from a legal and technology perspective to try to retrieve the data quickly, and can I identify those involved and get injunctions to stop people from using that data and force them to return it?


NEWSWIRE / INTERACTIVE / 247.COM P61


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40  |  Page 41  |  Page 42  |  Page 43  |  Page 44  |  Page 45  |  Page 46  |  Page 47  |  Page 48  |  Page 49  |  Page 50  |  Page 51  |  Page 52  |  Page 53  |  Page 54  |  Page 55  |  Page 56  |  Page 57  |  Page 58  |  Page 59  |  Page 60  |  Page 61  |  Page 62  |  Page 63  |  Page 64  |  Page 65  |  Page 66  |  Page 67  |  Page 68  |  Page 69  |  Page 70  |  Page 71  |  Page 72  |  Page 73  |  Page 74  |  Page 75  |  Page 76