GPWA Times Magazine - Issue 39 - November 2017

CHANGE THE GAMING AFFILIATE BUSINESS EU GENERAL DATA PROTECTION REGULATION fter having been approved on 14 April 2016, the EU General Data Protection Regulation (GDPR) goes into effect 25 May 2018. It will represent a ground-breaking change in the EU’s approach to privacy compliance. And it will directly impact gaming affiliates, obliging them to comply with stringent requirements in the processing of players’ personal data. Consequently, operators will also be influenced by the regulation. Why gaming affiliates will be obliged to take privacy seriously The new approach to privacy compliance is not only due to potential sanctions, which will be increased to 4% of the global turnover and can be issued against both operators and affiliates, but also because the potential loss of players’ data (called a data breach) might lead to major liabilities and damages, including reputational damages, for both operators and affiliates. Indeed, in case of a data breach, affiliateswill be obliged to notify the operator “without undue delay after becoming aware of a personal data breach.” This seems to be flexible wording, but since operators are required to notify the relevant privacy authority of data breaches “not later than 72 hours after having become aware of it,” if an affil- iate is not able to identify and does not notify the operator of a data breach within 72 hours of its occurrence, this might be considered per se evidence of a lack of compliance with privacy regulations. In some cases, notifications of data breach shall be performed for the benefit of players as well, whichwill further increase the potential damages (including reputational damages) for both affiliates and operators. This is because, in cases of claims from authorities and players, affiliates will have to prove that they have done what is required under privacy laws to comply with data protection reg- ulations, and the burden of proof will be on them to showprivacy compliance, according to the principle of accountability. How the GDPR will BY GIULIO CORAGGIO With the effective date of the EU General Data Protection Regulation coming in May, online gaming and technology law expert Giulio Coraggio explains what affiliates need to know and how it will change the landscape of the industry W W W . G P W A T I M E S . O R G 36