Brexit: Data flows still a concern for online gambling companies
On 24 December, after months of negotiations, the EU and UK finally agreed to a post-Brexit trade deal which outlines their future relationship now the UK has officially left the EU.
While the agreement covers many different sectors, for online gambling companies it does not resolve many of the direct consequences of the UK’s exit from the EU. Like many other online sectors, Brexit brings a host of complications for online gambling companies, many of which will develop over the coming months. This is particularly true for the crucial issue of online data flows, where there will need to be a long-term arrangement agreed between the EU and UK. While there is an interim agreement in place to continue data transfers between the two jurisdictions, this will expire in less than 6 months’ time and there is no certainty as to what will happen next.
At the same time, any UK-based online gambling company which manages, stores or processes data in the EU will still need to be fully compliant with the EU General Data Protection Regulation 2016/679 (GDPR). EGBA recognises the challenging and complex nature of the EU data requirements, particularly for smaller companies, and last year published an industry code of conduct on data protection to help companies meet their GDPR obligations.
“At this stage, we consider the most concerning outstanding issue with Brexit to be the question of cross-border data flows, given the vast amounts of data used in the online gambling sector and the many companies which have operations in both the EU and UK. Without a long-term agreement which secures the smooth flow of data, online gambling companies who operate in both jurisdictions would need to decide, among other things, where best to locate their data hubs to ensure as little disruption as possible to their everyday operations. Irrespective of any future agreement on data flows between the two jurisdictions, we encourage any UK-based company which wishes to continue operating in the EU to sign up to EGBA’s code of conduct on data protection as a means to demonstrate they are fully compliant with GDPR.” – Maarten Haijer, Secretary General, EGBA.