MGA’s Industry Guidelines on the GDPR in consultation with the IDPC

The Malta Gaming Authority (MGA) has published a guidance document on the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. This regulation is aimed at harmonizing data protection regulation across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy. The GDPR builds on the foundations of the current data protection legislation demanding more from organisations in terms of accountability for the use and retention of personal data and enhances individuals’ rights to data privacy.

The MGA recognises the industry’s concerns about GDPR-compliance and the way it will impact the gaming industry, so it has undertaken the task of producing this guidance document after a consultation process with the Office of the Information and Data Protection Commissioner (IDPC), which is the responsible supervisory authority for regulating the application of data protection legislation. It will remain the responsibility of MGA licensees to ensure they are compliant with the GDPR and with the gaming regulatory framework.

These guidelines are considered to be a living document and will be further developed over time as practical issues arise with the effective implementation of the GDPR. They are to be read in parallel with legal requirements imposed on Operators by virtue of Maltese gaming laws, and are without prejudice to the said legislation. Furthermore, such guidelines and the interpretations contained therein are without prejudice to any decision which the Commissioner may take in relation to complaints and, or to any other specific data protection issue. These interpretations are also without prejudice to any further guidelines or opinions that might be issued by the Article 29 Data Protection Working Party and, as from 25 May 2018, by the European Data Protection Board.

The Guidelines on GDPR Compliance can be accessed here.