European Gaming Lawyer magazine EGL_Spring2017_opt - Page 10

The General Data Protection Remote Gaming Operators by T he regulatory environment for remote gaming operators in Europe has been signifi cantly unclear during the last decade(s). Th e legal regime of many member states still does not comply with the freedom of services granted under Union law. Th erefore, there has been a tendency of remote gaming operators to put the focus of their strategy on how to survive under nebulous and diffi cult legal circumstances. Th is might be the reason why in the past data protection issues were not treated with high priorities even though remote gam(bl)ing is nothing other then a permanent processing of personal data. Th e General Data Protection Regulation (GDPR) marks a turning point in the relevance of data protection law. I. General Information After long lasting discussions the GDPR was adopted by the European Parliament on 14 April 2016, published in the Official Journal on 4 May 2016, came into force on 25 May 2016 and will apply from 25 May 2018 (Art. 99). Different from the old Data Protection Regulation of 1995 the new Directive does not need to be transposed by the Member States into national law. The GDPR includes 99 Articles (instead of 34 Articles in the old Regulation) and a high number of 173 Recitals which almost make up 40% of the complete published text. Th e aim was to modernise and harmonise data protection law in the EU. However, it seems questionable to which extent a EU wide harmonisation will be achieved since the GDPR includes nearly 50 opening clauses which allow the Member States to specify, to complete or even to amend regulations of the GDPR