Lottomatica is part of the International Game Technology (IGT) group, which operates globally in over 100 countries around the world in the sector of technologies, products and services for games. Lottomatica manages a wide range of products that can be accessed online or through a network of more than 90,000 points of sale across Italy, including tobacconists, bars, service stations, newsstands. 

As the Italian gaming leader, Lottomatica’s mission is to lead the evolution of the sector through innovative technologies and responsible actions. Acting responsibly is essential for Lottomatica and is the reason why the company has adopted data protection and privacy management model that allow the principles of the GDPR to be applied within the complex ecosystem of their processes.

In line with this model, the Data Protection Officer (DPO) monitors the privacy management system and guides the choices at an organizational, technological and process level. DPO at Lottomatica, Giovanni Del Lungo, described the main challenge as DPO being leading all of the data protection activities in what is a very complex and constantly evolving context.

The importance of privacy in the gaming sector

Privacy is an integral part of the company’s values and mission. Lottomatica run a wide range of products including lotteries, sports betting, portals and gaming APPs, to electronic money services, and payment transactions. From the integrity of transactional data relating to a payment or a bet, to the confidentiality of data relating to the player on the occasion of a win, to cyber security standards for the digital world, Lottomatica keep data protection and privacy central to their operations. 

“We manage data processing involving millions of people and tens of billions of transactions per year. The principles of security and privacy guide our choices at every level, helping us to continue to strengthen the trust of the people who entrust us with their data,” said Giovanni. 

Onetrust: Translating principles into concrete measures and pragmatic actions

In 2018, as part of a GDPR compliance project, Lottomatica chose OneTrust because they were looking for a simple, agile and innovative product. Choosing OneTrust on the one hand allowed them to have a long-term vision, while on the other hand it allowed them to identify the intermediate steps necessary to quickly offer value to the company and comply with the plans. Through a single and easy-to-use tool, Lottomatica can manage all information and automate activities in support of the data protection & privacy program. 

“The OneTrust solution will allow over 20 teams (focal points of the business units, control functions, etc.) access to simultaneously manage the activities of competence, sharing updated content and collaborating through the different view,” said Giovanni. 

The OneTrust tool allows Giovanni and his colleagues to easily manage frequent business changes related to the organization, and new processes and technologies. Thanks to this simplified management expensive consulting projects are not needed every time there is a change.

In addition, Lottomatica can leverage continuous product updates that allow product innovation and drive evolution in line with global trends.

“The OneTrust platform enables clear communication and effective collaboration between the corporate functions, thus facilitating a broader awareness of risks and feeding dynamic and innovative solutions to link the principles to specific technical requirements,” said Giovanni.

This facilitates the work of the DPO and the other management and control teams; at the same time, it allows a complex and dynamic company like Lottomatica to respond to the challenges posed by the GDPR, such as accountability.

In this sense OneTrust is a solution that enables “simplification” and that works in practice, translating the principles into concrete measures and pragmatic actions.

Privacy by design: A priority for Lottomatica

Among the priorities of Lottomatica’s program, is the implementation of the privacy by design operating model is of particular importance.

Multiple teams focus on the GDPR, including legal, security, and compliance, they monitor all evolutionary initiatives and analyze the impacts of the projects to integrate, if necessary, the data protection requirements.

Teams collaborate using the Onetrust platform, from conception, to development, up to testing and putting the product into production. This helps support digital transformation and innovation programs, promoting a culture of data management based on responsible choices.

This structure also helps the team contribute to the development of simple and transparent products, which allow the user to control the use of their data and the exercise of their rights.

Lottomatica continue to optimize their business model and processes and plan to start using OneTrust’s third-party risk management module to have a 360-degree view and in order to strengthen our supply chain monitoring and verification processes (suppliers, points of sale and agents), integrating them further with the other GDPR processes.