Personal information charter
This charter sets out the standards you can expect when the Gambling Commission asks for, or holds your personal information.
Types of information we hold
We hold both personal and non-personal information on a variety of databases and systems. This information is used to perform our statutory duties, carry out our regulatory activities and keep information up to date. We also hold information that allows us to perform support services such as finance and human resources.
How our information is managed
We have an information management system in place, based on the principles and methodology of the ISO 27001 standard for information security. We also hold Cyber Essentials and PCI-DSS accreditations. We have robust measures in place to protect the information we hold, and to ensure the confidentiality, integrity and availability of our systems and the information they hold.
The Data Protection Act (2018) regulates the use of information relating to individuals. This was extended by the Freedom of Information Act (2005) to include information stored on non-computerised systems. The Data Protection Act is enforced by the Information Commissioner's Office (ICO), and like all organisations that process personal data we must comply with this.
A full copy of the Data Protection Act is available on the ICO's website, however best practice to comply with data protection regulations can be set out in eight principles to ensure information is:
- 1. fair and lawful processing,
- 2. processed for limited purposes,
- 3. adequate, relevant and not excessive,
- 4. kept accurate and up to date,
- 5. not kept longer than necessary,
- 6. processed in accordance with the individual's rights,
- 7. secure, and
- 8. not transferred to countries outside European Economic area unless the country has adequate protection for the individual.
We are committed to complying with the Data Protection Act, particularly with the rights of Data Subjects. We have published our Data protection policy statement.
To make a subject access request or to exercise any other rights under the Data Protection Act, email us or write to:
The Information Manager
Victoria Square House
Fax: 0121 230 6720
If you are unable to place your request in writing please contact us.