EGBA demonstrates commitment to GDPR with sectoral code of conduct for data protection

New Code establishes rules and best practices to strengthen data protection in the online gambling sector and is one of Europe’s first sector-specific initiatives to support compliance with the GDPR.

BRUSSELS, 10 June 2020 – The European Gaming and Betting Association (EGBA) has today published a draft Code of Conduct on data protection which establishes dedicated sector-specific rules and best practices to ensure compliance with the EU General Data Protection Regulation 2016/679 and promotes the highest standards of data protection in the online gambling sector.

The draft Code of Conduct on Data Protection in Online Gambling sets long-term data protection standards for Europe’s online gambling sector and is intended to complement and reinforce the sector’s compliance with the GDPR. The Code is one of Europe’s first ever sector-specific self-regulatory initiatives to support compliance with the GDPR. The Code is part of EGBA’s wider efforts to drive standards in the online gambling sector and is in accordance with the GDPR, which encourages the use of sector-specific codes to support the proper application of its provisions[1].

The Code introduces specific measures and best practices on:

  • Enhancing portability rights – including rules to enable customers to transfer their personal data from company to company in an easier and secure way (including rules for player account registration, transactions history, marketing preferences, etc).
  • Supporting transparency – specifying what needs to be contained in a company’s privacy policy and which are the possible exceptions to the transparency principle, in view of the specificities of the sector.
  • Protecting against breaches of personal data – online gambling companies are required to introduce a plan to prevent and/or mitigate against breaches of personal data.
  • Establishing VIP accounts – how companies should establish player accounts for “VIP” customers in a way which respects privacy and the use of personal data.
  • Safer gambling – how companies should balance a customer’s privacy rights against the need to protect them from problem gambling.
  • Direct marketing – guidance on how to protect customer data during direct marketing and to prevent self-excluded customers from receiving direct marketing.
  • Detecting fraud – measures to prevent fraud and ensure data is used to comply with applicable laws.

All EGBA members will adhere to the Code and it is also open for signature to other online gambling companies licensed in the EU/EEA. Compliance with the Code will be monitored by an independent third-party monitoring body.

In line with the requirements of the GDPR, the draft Code has now been submitted to the Maltese Data Protection Authority for formal approval of the Code’s compliance with GDPR.[2] This is a process which involves data protection authorities in other EU countries and the European Data Protection Board.

“On the 2-year anniversary of the GDPR, issues around data protection, privacy and the use of personal data are still a concern for many European citizens. That’s why we’re pleased to introduce this new code which demonstrates the online gambling sector’s commitment to protecting the personal data of our 16.5 million customers and supporting the success of the GDPR. We’re pleased to be one of Europe’s first industry sectors to introduce a self-regulatory code which supports compliance with GDPR. Data, and how it is used, is playing an increasing important role in how citizens and business interact online – and the online gambling sector is no different. This code outlines how online gambling companies should ensure their customers understand how their personal data is being used and provides important guidance on how companies should use personal data in their interactions with customers, including how they identify and address problem gambling behavior in their customers.” – Maarten Haijer, Secretary General, EGBA.

[1] Article 40, General Data Protection Regulation 2016/679.

[2] As of 01 February 2024, EGBA is currently working to update its draft GDPR code, to incorporate recent technological and legal developments, and, once this revision process is complete, will resubmit a revised code to the Maltese Data Protection Authority for its approval.

Key documents:



About EGBA

The European Gaming and Betting Association (EGBA) is the Brussels-based trade association representing the leading online gaming and betting operators established, licensed and regulated within the EU, including bet365, Betsson Group, GVC Holdings PLC, Kindred Group PLC, and William Hill PLC. The Swedish Trade Association for Online Gambling (BOS) is an affiliate member of EGBA. EGBA works together with national and EU authorities and other stakeholders towards a well-regulated online gambling market which provides a high level of consumer protection and takes into account the reality of the digital economy and consumer demand. Today, EGBA’s member companies together have more than 16.5 million customers in Europe.

Contact Us

Daniele Perrone

Legal Advisor

Tel: +32 255 408 90


We use cookies in order improve your browsing experience on, not to collect personal information. By continuing to use the site, you agree that that is OK. You can read more about our privacy policy here.