Compliance Updates
MGA: Update to the Incident Reporting Requirements

The Malta Gaming Authority would like to inform its licensees of updates made to the Incident Report mechanism available through the Licensee Portal The information hereunder outlines relevant guidance and procedures for the submission of an Incident Report through the updated reporting instrument entitled the â€Technical – Information Security Incident’.
As mandated by Articles 37(2)(c) and (d) of the Gaming Authorisations and Compliance Directive (Directive 3 of 2018), “Licensees shall notify the Authority forthwith, and in any case no later than three (3) working days after, the following:
(c) Any breach of the licensee’s information security that adversely affects the confidentiality of information relating to players;
(d) Any breach of the licensee’s information security that precludes players from accessing their accounts for a period exceeding twelve (12) hours.”
In this regard, Licensees are obliged to submit an Incident Report in order to notify the Authority of the circumstances relating to an information security breach that meet the above specified criteria. Additionally, Licensees are advised to remain mindful of any further obligations emanating from the General Data Protection Regulation (EU/2016/679) and any relevant legislation.
The Technical – Information Security Incident option will be accessible through the “New/Change” dropdown menu via the Portal. Upon selection, users will be directed to the applicable sections of the â€Technical – Information Security Incident’ where all compulsory fields and any relevant documentation must be submitted to the Authority.
Upon submission, the Incident Report shall undergo review by the Authority. Any missing information that may be identified by the Authority, shall be requested accordingly from the Licensee. It is imperative that any pending clarifications are addressed in a timely manner.
If no further clarifications are deemed necessary by the Authority, the Incident Report will be closed off accordingly, and any relevant documentation will be securely filed for record-keeping purposes.
Any Incident Reports left in â€Draft’ form (i.e. opened but not effectively submitted) for a period of ninety (90) days shall be automatically discarded.
-
Asia6 days ago
Digital gaming disruption tackled in 1st AsPac Regulators’ Forum
-
Africa7 days ago
Kiron announces the launch of its new virtual football title, Turbo League, with SportPesa in Kenya and Tanzania
-
Aquisitions/Mergers7 days ago
NOVOMATIC successfully completes sale of ADMIRAL Austria to Tipico and focuses on international growth markets
-
Compliance Updates7 days ago
SOFTSWISS Releases Gambling Regulation Directory for iGaming Operators
-
Compliance Updates7 days ago
Alternative Dispute Resolution (ADR) Role and Certification
-
Asia7 days ago
iRace Media extends partnership with The Hong Kong Jockey Club in Asia
-
Central Europe7 days ago
SYNOT Games Delivers Bespoke Games Exclusively for SazkaHry.sk in the Slovak Market
-
Latest News7 days ago
Flutter UKI Invests Nearly ÂŁ7M into Community Sports