Interviews & Editorials

COVID-19, GDPR and Online Gaming Business


What should operators have in mind when developing online business? #

Zlatan Omerspahić, Head of Legal and Compliance at NSoft: All industries, with no exception, have a common denominator for the year 2020. It is financial uncertainty.

Lockdown hit some niches hard. Many businesses were closed in a scenario we have never seen before. COVID-19 pandemic has brought the economies of all countries to a standstill. Betting and gaming industry wasn’t an exception, especially in the retail channel where the restrictions are still in force to a lesser or larger degree at almost all markets.

Still, the fact is that the internet gaming industry has a great chance to become the most popular betting channel. As always, the necessity is the mother of invention - in our case digitalisation. Understandably, the pandemic and the lockdown were a driving force for many operators to invest in online business - whether expanding the existing online betting business or starting from scratch.

Pay attention to regulatory risk and data protection #

It’s vital to pay attention to regulatory risk regarding online business and data protection in that context. The overriding obligations of the operators are to identify and understand the personal data that they process. The operators must understand legal obligations related to data protection and document all compliance activities. Furthermore, they have an obligation to establish a compliance framework that will comply with GDPR.

What compliance framework covers? #

Compliance framework comprises of data mapping, analysis of lawful basis and risk assessment.

- Data mapping. An operator shall develop a data map of player’s data which needs to contain at least (what personal data is processed, the source of the personal data, what the personal data is used for and similar);

- Analysis of lawful basis for processing. This analysis should cover the legal basis for each processing activity (Article 6 of GDPR);

- Risk assessment. The operator shall conduct a risk assessment to determine the level of risk for processing each of the personal data categories.

If an operator wants to have an adequate compliance program related to data protection, internal or external audit should control it periodically. Besides being legally on the safe side when we speak on GDPR and data protection, the operators have to build their business on three main pillars to ensure their players’ trust.

The following principles must be met: lawfulness, fairness and transparency.

Security #

Regarding security, as a general rule, Article 32, GDPR requires controllers and processors to adopt a risk-based approach to security measures “to ensure a level of security appropriate to the risk”.

Article 32 of GDPR defines several security measures such: pseudonymisation and encryption of personal data, the ability to ensure ongoing confidentiality, integrity, availability and resilience of systems and services processing personal data, the ability to restore the availability and access to data on time in the event of a physical or technical incident, as well as to document regular reviews of access controls, a process for regularly testing and certification mechanisms.

In the end... #

The most important thing is to ensure the implementation of these principles internally, including precise roles and obligations. The crisis is always a chance, but every responsible company needs to think about regulatory risk and reputation, especially in the data protection aspect.


Related Articles

Interviews & Editorials


NSoft regulatory overview - market expectations in 2020

Zlatan Omerspahic, Head of NSoft's Legal and Compliance has given the regulatory overview for SBC focusing on 2019 highlights and 2020 outlook.

Learn more

Interviews & Editorials


NSoft’s Legal and Compliance Department: the true value of in-house counsel

Commenting on NSoft’s Legal and Compliance Department role being an added value to NSoft’s product palette Mr. Zlatan Omerspahic, NSoft’s Head of legal and compliance, shares his view on what our partners can expect when working with NSoft.

Learn more

Interviews & Editorials


NSoft’s CFO on NSoft’s strong financial performance and gained market share

NSoft's expansion is remarkably impressive and confirmed by a number of recognitions such as the Deloitte Award, within its Deloitte Technology Fast 50 Program that has already, for the 3rd time in a row, ranked NSoft as one of the fastest-growing technology companies in Central Europe.

Learn more

Didn’t Find What You’re Looking For?

Our team will be happy to guide you through our products and services.

Contact us