The Regulatory Conflict: UK GDPR vs. UKGC Licence Obligations
There is a permanent tension between data protection laws and gambling regulations in the United Kingdom. Under UK GDPR, organisations must adhere to the principle of data minimisation, which means they should only collect what is necessary and delete it when it is no longer needed. However, the UKGC requires operators to keep detailed records of players to fight financial crime, verify identities, and monitor for problem gambling behaviour. This means a betting site cannot simply delete your data the moment you close your account.
- Anti-Money Laundering Laws: Operators are legally required to keep financial transactions and identity documents for at least five years after your relationship with them ends.
- Responsible Gambling Records: If you self-exclude due to gambling harm, the operator must keep your details on file indefinitely to ensure they do not accidentally let you open a new account.
- The Right to Erasure Limit: Because of these legal obligations, a bookmaker can lawfully deny your request to delete your data if those records are still required for regulatory compliance.