GVC Holdings is one of the largest groups of sports betting and gaming in the world, operating across 20 jurisdictions with more than 24,000 employees across five continents. They operate some of the industry’s most popular sports betting, casino, poker, and bingo platforms, including Ladbrokes, Coral, Bwin, Eurobet, PartyPoker, PartyCasino, and Foxy Bingo.

At GVC, privacy is about going beyond regulatory compliance and is about respecting and protecting their customers, a value that is especially key in the gambling industry. Implementing an efficient privacy program that brings together the multiple departments and respects user privacy is a top priority for GVC.

High stakes privacy compliance

The GDPR and more than 120 other regulations provide the framework for GVC’s global operations. Chief Privacy and Group Data Protection Officer at GVC, Andreas Klug, knew that in order to manage their large-scale operations and cross-team collaboration they would need to implement a solution that embedded privacy technology into the company. 

“It is very difficult to comply with 120 plus regulations individually at any given time, so it is important to create a good core set of rules and frameworks that all areas of the organization can follow, allowing the technology and other functions to align,” said Andreas.

Data sits at the heart of GVC’s operations, so properly managing this data is the top priority. GVC knows privacy is not just isolated to the privacy team. They needed a centralized technology solution to integrate privacy across departments, implement Privacy by Design, and ensure that privacy is part of the conversation from the beginning of any project.

“As a technology-based company, data is the new oil, it gives you the power to understand and drive your business. Effectively and appropriately leveraging this information can’t be done with spreadsheets. The processes need to be built into centralized technology,” said Andreas.

Backing the right horse with a suite of OneTrust modules

GVC selected OneTrust’s Assessment Automation, Data Mapping, Vendor Risk Management, DataGuidance and Cookie management modules to centralize their privacy program. 

“Assessment Automation is our go-to for everything, it’s how we create different templates. We use it for our DPIAs, data mapping assessments, legitimate interest assessments, threshold assessments, supplier questionnaires, and more. It’s so helpful to be able to tailor these assessments to our bespoke needs,” said Becky.

OneTrust’s Assessment Automation module has been a crucial component of GVC’s program, adding the visibility that is vital to cross-team collaboration. OneTrust’s Data Mapping module ensures that the information gathered from the assessments is clear and accessible. This improves efficiency and reduces the time taken to produce reports, which helps GVC demonstrate their accountability, particularly when it comes to their Article 30 Record of Processing Activities responsibilities.

OneTrust’s vendor risk management is quickly becoming GVC’s go-to contract management system, enabling the vital collaboration between the privacy team and the information security team. The relevant teams can easily search for a vendor and review the associated information, making the audit process much smoother.

“The access controls and customized views that OneTrust allows within the Vendor Risk Management module are incredibly useful, especially when it comes to auditors. We can allow them to view the data but prevent any data from being extracted,” said Becky.

Andreas finds the OneTrust DataGuidance module a great resource for channeling and streamlining his research. Rather than having to search through multiple resources, the DataGuidance platform provides a reliable and up to date source for all the latest regulatory developments globally. The platform also acts as a useful repository for Andreas’ research, as reports and searches can be saved to be revisited at a later date.

Odds on for success with OneTrust

GVC bet on OneTrust to be its centralized platform for privacy management. The company is continuing to turn to OneTrust for additional compliance modules and is currently implementing OneTrust for cookie compliance.

OneTrust has had a positive impact on GVC’s culture of privacy. Today privacy is top of mind and accessible, thanks to OneTrust. The privacy team doesn’t just consult with different stakeholders, they work together and proactively operationalize their privacy program, also allowing for the collaboration that GVC knew would be key to a successful compliance program.