A simplified approach to GDPR
Mikael Hansson, CEO of retention solutions provider Enteractive, aims to debunk some of the myths around GDPR and how operators can openly engage with their customers in light of new regulation
The enforcement of GDPR is one of the biggest shake-ups in the way in which companies handle data, and no doubt a piece of regulation which will have caused a headache for many in the igaming industry.
Much has already been discussed about the impact GDPR will have on the way in which operators engage with their customers through marketing materials.
Understandably, there is a cause for concern as it could have a direct impact on future growth, should there be any limitations in the way in which consumers are targeted.
Most, if not all, will already have set up new measures and guidelines in order to adhere to the new regulations.
However, there appears to be some confusion as to what exactly the boundaries are in terms of data processing and engagement.
One of the key factors with GDPR is the need for “active consent” when processing data and communicating with customers.
Some firms, particularly those from outside the industry, have already been busy sending communications with their customer base, encouraging them to “opt-in” in order to continue receiving marketing materials from them, a process known as “re-permissioning”.
But from speaking to our own legal experts, we have actually found that “active consent” is not necessarily required under GDPR when processing all personal data in order to communicate with players from a marketing perspective.
At Enteractive, where communication is at the heart of our retention solutions, we were a little surprised to hear this development at first, but there are alternative legal grounds that will simplify the process for operators.
Instead, when it comes to the processing of personal data for use in product or campaign promotions or customer communication through channels such as email, phone or second-generation messaging, the legal base of “legitimate interest” is a far more suitable ground for processing data.
It allows an operator to use personal data as long as it has clearly informed the individual about what it intends to do with the data, and who’s legitimate interest they aim to pursue with such communication.
But how do we clearly inform the individual in this case? The information can be positioned under the general terms and conditions more commonly seen, as long as it is easily found under a heading of its own and not as the last paragraph.
There is a need for consent in order to send commercial information to customers, however this is not regulated by GDPR but instead the e-Privacy Directive.
However, the Directive states that companies have the right to send commercial information via e-mail to subjects should they have obtained their personal data in the context of a sale, also known as “Soft opt-in”.
The requirements for the “soft opt-in” are that the data subject has been clearly informed that the personal data may be used for marketing purposes and that they have been given the chance to object from this use – which is very similar to the requirements that is found in the GDPR concerning the use of the legal basis legitimate interest.
What’s important for igaming operators is that as long as they inform the customer about how they intend to use the personal data it collects from them, they should avoid using Active Consent as a legal basis.
The Legitimate Interest legal ground simplifies matters for both the customer and operator when handling personal data, particularly when it comes to marketing and sales purposes.
Mikael Hansson is the CEO of Enteractive, a leading provider of player retention solutions for the iGaming industry. He co-founded the company in 2008 and has a wealth of experience in senior management roles. Prior to Enteractive, he was a corporate CFO as well as owner of a consulting/advisory firm.