Skip to main content

With an estimated 80% of companies still not GDPR compliant, Pedram Padidar, Enteractive COO, warns that many are at risk and urges action to implement proper procedures.

GDPR - The Aftermath Enteractive

GDPR made its long-anticipated arrival last month, with the new rules on data and privacy set to have a lasting impact on both companies and the general public.

The four-letter abbreviation became one of the top trends on Twitter in the lead up to Friday 25th May when the new regulation was enforced, while many firms were frantically updating procedures to ensure they weren’t caught out.

GDPR had an impact on that Friday, with a number of high-profile US news websites becoming temporarily unavailable to European users after the new rules came into effect. In addition, complaints were made against several tech giants just hours after the changes were enforced.

Its lasting impression is sure to carry on for the years ahead, especially considering an estimated 80 percent of companies have yet to implement compliance programmes for both GDPR and the ePrivacy Directive, more commonly known as the “Cookie Law”.

Just before GDPR was enforced, data subjects were bombarded with emails notifying them about the changes in data security, with some urging recipients to hit the “opt-in” button if they wish to continue receiving marketing content from the respective company.

Not only did these serve as a significant annoyance to consumers, but they were largely unnecessary and likely to have an impact on direct marketing strategies for the foreseeable future. In fact, it’s estimated those who engaged in this needless activity have lost upwards of 80 percent of their marketing database.

Thankfully in the iGaming industry, many operators have put in place stringent procedures to ensure they are compliant with these new data rules.

Some were in danger of acting on inaccurate advice and obtaining explicit consent for direct marketing from data subjects they already had an existing commercial relationship with.

However, most have gone against this advice, especially those who attended a recent Breakfast Briefing we held last month, where it was explained the risks associated with this approach and that they already had the right to use direct marketing under the ePrivacy Directive to existing customers. This is as long as they were transparent and give those customers the controls to opt-out of such activities.

It’s apparent that there are a number of operators who are still not compliant and have not taken the appropriate steps to become compliant. We urge these companies to make the necessary changes to their processing policies and to look at the holistic landscape of privacy and data protection – not just GDPR.

At Enteractive, we have tackled our data obligations head on by reducing our own risks, the risks to our operator clients but most importantly, the risk to their data subjects. We have worked closely with the team at Think Privacy to ensure our data processing agreements meet the requirements of the law, which has a knock on effect throughout our chain of processors and controllers.

Compliance is an ongoing responsibility and many iGaming operators will be required to have a data protection officer due to the sensitive nature of the data they are processing. It is very important that they meet these requirements in the long-term or run the risk of receiving hefty fines.

It’s apparent that there are a number of operators who are still not compliant and have not taken the appropriate steps to become compliant.

Pedram Padidar, COO

Share this Post