GVC Group

GVC places its bet on OneTrust privacy management software

Low-angle photo of two modern glass building walls intersecting at a corner


GVC Holdings is one of the largest groups of sports betting and gaming in the world, operating across 20 jurisdictions with more than 24,000 employees across five continents. They operate some of the industry’s most popular sports betting, casino, poker, and bingo platforms, including Ladbrokes, Coral, Bwin, Eurobet, PartyPoker, PartyCasino, and Foxy Bingo.

At GVC, privacy is about going beyond regulatory compliance and is about respecting and protecting their customers, a value that is especially key in the gambling industry. Implementing an efficient privacy program that brings together the multiple departments and respects user privacy is a top priority for GVC.


High stakes privacy compliance

The GDPR and more than 120 other regulations provide the framework for GVC’s global operations. Chief Privacy and Group Data Protection Officer at GVC, Andreas Klug, knew that in order to manage their large-scale operations and cross-team collaboration they would need to implement a solution that embedded privacy technology into the company. 


"As a technology-based company, data is the new oil, it gives you the power to understand and drive your business. Effectively and appropriately leveraging this information can’t be done with spreadsheets. The processes need to be built into centralized technology."


Andreas Klug, Chief Privacy and Data Protection Officer


“It is very difficult to comply with 120 plus regulations individually at any given time, so it is important to create a good core set of rules and frameworks that all areas of the organization can follow, allowing the technology and other functions to align,” said Andreas.

Data sits at the heart of GVC’s operations, so properly managing this data is the top priority. GVC knows privacy is not just isolated to the privacy team. They needed a centralized technology solution to integrate privacy across departments, implement Privacy by Design, and ensure that privacy is part of the conversation from the beginning of any project.

“As a technology-based company, data is the new oil, it gives you the power to understand and drive your business. Effectively and appropriately leveraging this information can’t be done with spreadsheets. The processes need to be built into centralized technology,” said Andreas.


"OneTrust is a beacon of light at the moment; privacy technology hasn’t been at play for very long and OneTrust is certainly a pioneer. There aren’t many genuine competitors that can offer this complete solution."


Andreas Klug, Chief Privacy and Data Protection Officer


Backing the right horse with a suite of OneTrust modules

GVC selected OneTrust’s Assessment Automation, Data Mapping, Vendor Risk Management, DataGuidance and Cookie management modules to centralize their privacy program. 

“Assessment Automation is our go-to for everything, it’s how we create different templates. We use it for our DPIAs, data mapping assessments, legitimate interest assessments, threshold assessments, supplier questionnaires, and more. It’s so helpful to be able to tailor these assessments to our bespoke needs,” said Becky.

OneTrust’s Assessment Automation module has been a crucial component of GVC’s program, adding the visibility that is vital to cross-team collaboration. OneTrust’s Data Mapping module ensures that the information gathered from the assessments is clear and accessible. This improves efficiency and reduces the time taken to produce reports, which helps GVC demonstrate their accountability, particularly when it comes to their Article 30 Record of Processing Activities responsibilities.

OneTrust’s vendor risk management is quickly becoming GVC’s go-to contract management system, enabling the vital collaboration between the privacy team and the information security team. The relevant teams can easily search for a vendor and review the associated information, making the audit process much smoother.

“The access controls and customized views that OneTrust allows within the Vendor Risk Management module are incredibly useful, especially when it comes to auditors. We can allow them to view the data but prevent any data from being extracted,” said Becky.

Andreas finds the OneTrust DataGuidance module a great resource for channeling and streamlining his research. Rather than having to search through multiple resources, the DataGuidance platform provides a reliable and up to date source for all the latest regulatory developments globally. The platform also acts as a useful repository for Andreas’ research, as reports and searches can be saved to be revisited at a later date.


"Rather than trying to be everywhere at once, we built frameworks and committees that allow us to be involved in data-driven projects right from the start. OneTrust’s centralized tool is key in achieving this."


Becky Tarrant, Data Privacy Manager


Odds on for success with OneTrust

GVC bet on OneTrust to be its centralized platform for privacy management. The company is continuing to turn to OneTrust for additional compliance modules and is currently implementing OneTrust for cookie compliance.

OneTrust has had a positive impact on GVC’s culture of privacy. Today privacy is top of mind and accessible, thanks to OneTrust. The privacy team doesn’t just consult with different stakeholders, they work together and proactively operationalize their privacy program, also allowing for the collaboration that GVC knew would be key to a successful compliance program.

You may also like


Responsible AI

Unpacking the EU AI Act

Prepare your business for EU AI Act and other AI regulations with this expert webinar. We explore the Act's key points and requirements, building an AI compliance program, and staying ahead of the rapidly changing AI regulatory landscape.

July 12, 2023

Learn more


Consent & Preferences

Live demo: How to automate consent and preference management with OneTrust

In this webinar, we demonstrate how OneTrust Consent and Preferences helps build stronger customer relationships by providing transparency, giving users control over their data use, and delivering personalized experiences.

June 29, 2023

Learn more


Privacy Management

Unpacking the EU-US DPF

In this webinar, we cover the new EU-US Data Privacy Framework (EU-US DPF) and what privacy program managers need to know for post-Schrems II data transfers.

June 28, 2023

Learn more