European Gaming Lawyer magazine Spring 2016 | Page 12

The new General Data Protection
Regulation and the online betting and
gaming world

I

Adam Rose

n December 2015, after years of
review, negotiation and false dawns,
the European parliament, the
European Commission and the
European Council finally agreed a
text for the proposed new general data protection
regulation (GDPR). The current law, implemented
across the whole of the EU and largely seen as the
‘gold standard’ data protection law around the world,
had been agreed in 1995, implemented with varying
degrees of difference in each of the 28 EU member
states and adopted in their own way by a number of
other countries. It has since come to be recognised as
at least slightly out of date for the online world that
has significantly developed since 1995 at best and at
worst talking to issues that were no longer reflective of
the way every business, government, consumer and
citizen goes about their interactions. The GDPR is
intended to do away with the current laws, replacing
them with a unified regulation which will be directly
effective in each member state. At least at first, and in
headline terms, the law will be the same across the
EU.
The starting point is to appreciate what the existing
law regulates, in broad terms, before looking at the
changes. Deriving its existence from the European
Convention on Human Rights, and specifically the