2018 was a transformational year for GVC and not just because it was the year the EU General Data Protection Regulation (GDPR) went live. As a result of its acquisition of Ladbrokes Coral, GVC became the world’s largest online-led sports betting and gaming operator as well as gaining a significant presence in retail gambling as the UK’s largest high street bookmaker.
In recent years as with other retail and leisure industries, the casino sector has undergone major shifts. The casino is no longer about the experience of visiting bricks-and-mortar establishments—an opportunity to admire the lavish and sometimes outright baroque interior with a distinctive felt-topped casino, poker and blackjack tables as centre-pieces—a place of social gatherings where you could enjoy a drink, smoke or a chat as much as game of cards.
These days, companies—no matter the industry they operate in are “technology-driven entities”, albeit with an interest in financial services, payments, consumer products or, for that matter, gaming and betting.
Like other industries, gaming and betting is shifting to digital—a reflection of technology—driven lifestyle changes. Digital casinos, in particular, are experiencing double-digit growth rates as they offer easily accessible, enhanced customer experiences. This has spawned a growing number of new data-driven business models, products, and technologies such as artificial intelligence (AI), machine learning (ML), augmented and virtual reality. As gambling operators collect more and more data, innovation and security are the keys to success. Developing data analytics capabilities to gain and apply insights becomes more urgent, not just in relation to product development and marketing but, crucially, to comply with AML and KYC obligations. Indeed, data itself has become a vital strategic asset and a key driver for growth.
"Managing data effectively can no longer be an afterthought but needs to be coded into the cultural and corporate DNA through increased employee data literacy and enhanced business process design"
Conversely, data risk is steadily increasing as the volume of cybersecurity attacks, and data breaches demonstrate. The rise of data has also led to a considerable increase in data laws and regulations. There are now more than 120 laws globally (and counting), which regulate the collection, processing, use and sharing of personal data. Primarily, these include the GDPR, the California Consumer Privacy Act and India’s draft Personal Data Protection law. However, there are significant other pieces of legislation, such as the Chinese and Vietnamese cyber security laws, the Indonesian regulations for strategic electronic data or US federal or state regulations, which restrict the cross-border access to and transfer of personal data. This has brought data sovereignty and data residency as a business issue into sharp focus. Navigating this ever more complex regulatory landscape becomes a severe challenge as companies face a triple whammy of substantial fines, litigation and significant reputational risks. These could manifest themselves in a loss of business and a depressed share price and have a significant impact on a company’s ability either to grow organically or by acquisition.
All of this will impact the way gaming and betting operators transact business and the services they provide. To stand out in a crowded market, operators need to come up with new ideas to improve customer stickiness and leverage brand impact. Against this backdrop, an operator’s approach to data management and protection can become a crucial differentiator for generating customer trust and brand resilience.
This requires a clear and consistent data strategy which identifies the data needs of the business, purposes for data collection and use and the governance framework for managing data throughout the lifecycle. The data strategy needs to be underpinned by a technology strategy which enables the collection and processing of data, including control and management of all information assets. Data and privacy-by-design are one of the critical vehicles for embedding data governance in business processes and product design - as is strong execution of well-defined, fully operationalised privacy programmes and information security frameworks.
GVC’s focus is on using and developing its proprietary technology. This enables us to integrate other tech stacks, which we acquire, more effectively. This also allows us to configure its platforms and IT infrastructure to ensure better control over the data, enhanced cybersecurity management with reduced dependence on third party suppliers and robust privacy controls and data governance structures. As Chief Privacy and Data Protection Officer, I report to the Board’s Corporate Social Responsibility Committee, which also has oversight of our responsible gambling strategy—a crucial part of our licensing and business development strategy. This illustrates that privacy is an evolving concept, which far from being solely a compliance issue, is a core part of business ethics and corporate governance frameworks.
Managing data effectively can no longer be an afterthought but needs to be coded into the cultural and corporate DNA through increased employee data literacy and enhanced business process design. It will, however, provide gambling operators with a clear choice: to embrace the new rules of the road, become trusted partners and service providers and transform through growth or to be a gaming utility, stagnate, fall behind competitors and, ultimately fail— the choice is ours.