All you need to know
Information for Onboarding Operators
What is GamProtect?
​​​
GamProtect is an independent, industry led scheme, based on the highest data protection standards, delivering a unified, collective solution, to the shared challenge of preventing harm. It aims to ensure that people who display high risk behaviours are protected from gambling related harm to their health.
Participating Operators will identify a player as at risk of health-related problem gambling if:
​
• The player states they have a gambling addiction.
• The player states they are seeking support or treatment for gambling addiction.
• The player states they will harm themselves/someone else.
• The player states they should not be gambling because they have a health condition.
• The player states they want to stop gambling forever due to having a gambling addiction.
​
Following a Safer Gambling interaction which would determine a customer’s eligibility for the scheme, an Operator will share the following customer registration information with the technical system, GamProtect:
​
• Unique Customer ID, Forename, Surname, Date of Birth, Postcode, Email Address, Telephone Number
​
GamProtect offers real time (known as ping) and batch matching service to Participating Operators who check the GamProtect register against their own customer data base. Ping is run as part of the real-time customer journey and triggered during events such as sign- up, login and updating of details. Batch is run once every 24 hours, allowing the Operator to check against their entire customer database so customers who have been registered but have not recently interacted with gambling applications/services can also identified.
​​
Participating Operators will use GamProtect to identify whether the same customer has an account with them and proceed to close their account. The customer will remain on GamProtect for an initial 5 years during which they cannot remove themselves from GamProtect. However, if the player thinks they have been added to GamProtect incorrectly, they can follow the GamProtect redress process.
​​
After the initial 5 year period, the player can remove themselves from GamProtect by contacting the Operator that prevented them from accessing gambling services. The player will remain on GamProtect for a further 35 year period if they do not remove themselves from GamProtect.
Players details will be further held in GamProtect for an archive period of 7 years after they are removed from GamProtect (either by request or expiry).
​​
If a player believes they have been added to GamProtect incorrectly, they can contact the Closing Operator that is preventing them from accessing online gambling services using the contact details provided in their privacy notice.
​​​
Development of the scheme​​​
In February 2020, the Gambling Commission (GC) launched an industry-wide challenge to find a technology solution to creating a Single Customer View (SCV) which would protect gamblers who gamble with more than one company.
​​​
Later that year, the GC then entered into the Information Commissioner’s Office’s (ICO) Regulatory Sandbox to explore the concept of the SCV. A summary of their work can be found in the ICO’s published report.
​​​
ICO Regulatory Sandbox – January to November 2022
​​​​
In 2022, the BGC entered into a separate ICO Regulatory Sandbox and facilitated the industry’s development and trial of an SCV solution. With support from the BGC, four trial Participating Operators (Bet365, Entain, Flutter and evoke) completed all the data protection documentations (Data Protection Impact Analysis, Legitimate Interest Assessment, Privacy Notice etc) and signed a Data Sharing and Services Agreement (DSSA) with the technology provider, Tutelar Limited.
​​​
The ICO terminated its Regulatory Sandbox just before the BGC entered into the live testing phase in November 2022. The ICO informed the BGC that the Operators can proceed with
live testing outside of the Sandbox once the Operators feel they have mitigated the identified risks. We have since written to the ICO to confirm we believe data protection considerations have been addressed. The GC is aware of the developments and supports the progress we have made in the trial.
A summary of the BGC’s work under the ICO’s Regulatory Sandbox can be found in the
ICO’s exit report.
​​
Dry Run – 20 February 2023​
The “dry run” i.e. testing in a live environment without taking actions on players who are flagged onto the GamProtect platform was conducted over 2 months ahead of the launch of the live trial (where flagged player accounts will be closed). A number of minor fixes were deployed during the dry run such as phone and email validation, to ensure that the database captures as much information as possible.
​​
Live Trial – 26 April 2023​
The trial Participating Operators launched the live trial on 26 April 2023. The trial was carried out without major issue, and KPMG was contracted to carry out both the trial evaluation and the security audit.
​​
Data collection took place between 15th May to 15th August 2023, and the full evaluation report was delivered in January 2024. Over the three-month period, registrations on GamProtect amounted to 2,109 identities from 1,250 customers (this is because some customers have multiple accounts). The evaluation report raised no material concerns and confirmed the trial was running as expected.
​​
The Security Audit was completed in February 2024. No material breaches were identified. Both the Evaluation and Security Audit reports have been shared with DCMS and GC, as well as trial participating and onboarding BGC members.
​​
Live Scheme – 1 April 2024​
Following successful completion of the trial evaluation and security audit, the live scheme commenced on 1 April 2024 as BGC B2C online operators began to onboard onto the platform.
​​
GamProtect Ltd was established in April 2024 as a mechanism to manage the development of the initiative on behalf of all Participating Operators.
​
Onboarding​
All licensed operators are encouraged to join the scheme as soon as possible. The first step is to contact GamProtect Ltd (currently supported by the BGC) via pmo@bettingandgamingcouncil.com. Operators will be required to sign a non-disclosure agreement with the technology provider, Tutelar ltd, in order to proceed with technical onboarding.
As an estimated timeline, it is recommended that 1-2 weeks be reserved for set-up and testing within the Staging Environment. Although the set-up and configuration of production is very similar at a task level, most Operators will have a change process that will differ slightly, and this will determine the timeframe for productionising. This is expected to be no longer than 2 weeks. A good estimate from initial engagement with GamProtect and being Live would be 3-4 weeks.
​​
Fees​
Operators will be charged a fee to participate in the GamProtect scheme. There are two components to operators’ fees to the GamProtect scheme. This consists of a share of the BAU operational costs and a share of the development cost. Both are based on operators’ respective UK online GGY bands, similar to the GAMSTOP scheme.
​
GamProtect Ltd will share the fee bands directly with onboarding Operators. This information is confidential, please approach the GamProtect information desk and we will be able to share your fee band with you.
​​
FAQ
​​​1. How can operators ensure consistent Safer Gambling reasons interpretation? Ultimately this will lead to all Participating Operators being impacted by the most prudent Operator.
The trial Participating Operators have developed the below flowchart to guide Operators’ operation/safer gambling teams to consistent interpretation and application of the agreed Safer Gambling reasons.
​​​​​​​​​​​
​
Trial participating group also agreed on the following minimum list that Operators’ operational/safer gambling teams must also consider before registering a customer onto GamProtect:​
1. Have the customer’s claims been verified as genuine?
2. Does it fall within one of the agreed safer gambling reasons?
3. Will this customer’s account be closed on a permanent basis?​
2. Given that we are now using health related terminology and as a basis - does the industry believe that we are qualified to make such “health/medical” related decisions?​
Participating Operators only take action if the customer at risk of health-related problem gambling states that they fall into the Safer Gambling reasons clearly outlined in the DPIA. To be clear, Participating Operators are not required to make medical or health diagnoses. The principles for this use case are clearly outlined in the Data Sharing Agreement which Operators will sign.
Closing Operators can demonstrate considerations behind their decision through their customer interaction with the customer up for consideration for registration onto GamProtect Customer communication.​
3. Are Operators obliged to inform customers they have been added to GamProtect for up to 40 years?
The Closing Operator is obliged to inform customers they have been added to GamProtect at the point of account closure. Detailed information of what the closing Operator must communicate to the closed customer is outlined in the DSA which Participating Operators will sign.
There is no requirement for Receiving Operators to inform customers that their accounts have been closed, although the receiving operator may choose to do so at their discretion. This is again outlined in the DSA.
​
4. When do Operators communicate to customers they have been registered onto GamProtect? Is it before they have been formally registered, or after?
Generally speaking, communication with the closed customer happens at the time
that they are registered, which can be momentarily before or after their data is pushed to GamProtect. Some of the trial Participating Operators have an automated flow whereby as soon as the operator flags the customer it triggers an automated flow that uploads the data and sends the communication out.
To be clear, the customer will not be given an opportunity to object to being added to GamProtect before the Closing Operator formally adds them onto the register. GamProtect is an Operator led process where the participating Operators take a decision and add customers onto the system. Allowing customers to challenge their submission to the scheme would be, in effect, allowing them to self-subscribe to the scheme which is the opposite of the principle enshrined in the scheme (that Operators make these decisions). Complaints will be monitored as part of Management Information to the number of challenges to a customer’s submission to the scheme.
5. Use of language on the privacy notice, GamProtect website and operators’ T&Cs should be consistent. How will this be managed?
Messaging will need to be carefully managed and must be consistent across all participating Operators, and therefore agree to host all relevant information centrally on the GamProtect website. The website will be managed by Tutelar Ltd and any updates to website content will be approved by GamProtect Ltd. Operators should reference the GamProtect website on their T&Cs. GamProtect website - www.gamprotect.co.uk​
6. What if the customer disagrees with the Operator’s decision to register them on GamProtect? Where does Operators making a decision stand in line with the Commission’s guidance on allowing customers to challenge restrictions?
The closed customer can contact the Closing Operator if they disagree with the Closing Operator’s decision to add them onto the GamProtect register. If the Closing Operator ceases to exist, then the closed customer can follow the redress process with the Participating Operator that they choose to access services with.
As GamProtect is currently not a regulatory requirement, the only other recourse is through the courts if the customer chooses to pursue it.
7. One big assumption this current design makes is that Closing Operators will all still be in business in 40 years’ time, which is highly unlikely. How do customers get removed when the Closing Operator no longer exists?
If a participating Operator ceases to exist or no longer participates in GamProtect, the closed customer can instead follow the redress process with the Participating Operator whose gambling services they wish to access.​
8. What is the logic behind the retention period?
The trial participating group worked with the ICO to develop the data retention period. The decision on data retention is based on the length of time necessary for the purpose for which the personal data is processed. The decision was made in the context that the people whose data will be shared in GamProtect are at the highest risk of suffering gambling related harms.
The initial active period of 5 years mirrors GAMSTOP. The recommended self-exclusion duration is from 6 months to 5 years. Given the severity of the specific use case, the view is that closing the affected customers’ accounts for a duration of a minimum of 5 years strikes a proportionate, reasonable and fair balance in restricting that person’s ability to gamble in accordance with UK GDPR principles. This 5 year period provides social responsibility protection and is necessary to enable an individual to deal with their Safer Gambling Reasons. The GC considers it important that self-exclusion schemes are as effective as they can be for those who wish to abstain from gambling for a significant period of time. 5 years is also the most popular exclusion time period Customers opt for in the existing GAMSTOP solution.
The further active period of 35 years mirror case law – R (C) v Northumberland County Council [2015].
Furthermore, the purpose of this initiative is to prevent gambling related harm. People who are the most at risk of suffering gambling related harm can be at high risk for potentially their entire lifetime.
At the end of the active period, data is retained for a further 7 years for record keeping purposes.​​
9. Will these players not move house, get a new email or phone number within 40 years?
Operators are encouraged to submit new registrations of customers who are already on the GamProtect register if they receive new Personal Data of the customer.​​
10. Customer stating they should not be gambling due to health issues - that may be correct at the time. But what of consumers who should not be gambling due to medication, health etc that are then later no longer afflicted by the same issues. Health-related problem gambling can be temporary. Should these users be blocked for 40 years?
Customers who believe they were wrongly added to GamProtect have a right to object at any point, including during the initial 5 year period. During the 35 years further active period, customers who believe they are no longer afflicted by the same issues can request to be removed from GamProtect by following the Closing Operator’s redress process.
If Participating Operators, as part of their SG interaction, believe that a customer is suffering from a temporary condition then they can triage different outcomes such as self-exclusion and time outs for an extended period of time.​​
11. When an Operator integrates into this service does it start matching customers from that day forward or does it try to do it retrospectively for people previously added by pilot Operators or other Operators who connect earlier?
When an Operator integrates onto the service, it will start matching the Operator’s customer data base against the GamProtect register (which includes customers previously added by trial Participating Operators). They can be matched via batch (every 24 hours) and/or ping (real time) matching service.
Batch allows the operator to check against their entire customer database so customers who have been registered but have not recently interacted with gambling applications/services can also identified. Ping is done as part of the real-time customer journey and triggered during events such as sign-up, login and updating of details.​
12. Is the GamProtect service related to GAMSTOP in any way?
GamProtect is run by Tutelar Limited. GAMSTOP is run by the National Online Self Exclusion Scheme Limited (NOSES). NOSES was selected by trial Participating Operators as the chosen technology provider to provide the data sharing mechanism for the SCV. Tutelar Limited was then set up as a separate entity, which is completely segregated from the personal data processed for ​​
13. Why was GAMSTOP not used – why is there a new system?
Participation in GAMSTOP is a regulatory requirement for licensees, while participation in GamProtect is voluntary at this stage. A new system was created to ensure the SCV trial and roll out into full scheme is separated from the regulated GAMSTOP.​
The legal basis under for GAMSTOP is entirely different. The primary legal basis for GAMSTOP is "performance of a contract" where as GamProtect relies on a different legal basis as described in the DPIA. Therefore, it is not possible to auto-enrol GamProtect customers in GAMSTOP given the customers do not give explicit consent.​​
14. Is marketing suppression on customers flagged on GamProtect a requirement?
Given the accounts are closed, we do not expect Operators to direct market to these former customers. If Operators can upload these customers to online campaign marketing suppression filters we would advise they do so.​​
15. You are going to have a lot of customers who have different data sets across their linked accounts as at least 5 of the 6 data points are subject to change. Is the expectation that there is a perfect match of 6 out of 6?
The Operator uses the matching service by passing 6 pieces of Personal Data for the consumer or list of consumers (if they are using batch) that they wish to check. The matching engine essentially breaks the PII into all the possible combinations ensuring at least 4 fields match.
All matches found for a given consumer are returned back to the Operator in the form of a marker along with the brand who registered the marker.
​​
​