If you have a question about your gambling, or the gambling of someone close to you, our FAQs from gambling consumers during lockdown may provide valuable information.
Try the new Gambling Commission website we're working on, and give us feedback.
Skip to main content

Personal information charter

This charter sets out the standards you can expect when the Gambling Commission asks for, or holds your personal information.

Types of information we hold

We hold both personal and non-personal information on a variety of databases and systems.  This information is used to perform our statutory duties, carry out our regulatory activities and keep information up to date. We also hold information that allows us to perform support services such as finance and human resources.  

How our information is managed

We have an information management system in place, based on the principles and methodology of the ISO 27001 standard for information security. We also hold Cyber Essentials and PCI-DSS accreditations. We have robust measures in place to protect the information we hold, and to ensure the confidentiality, integrity and availability of our systems and the information they hold.

Personal data

The Data Protection Act (2018) regulates the use of information relating to individuals. This  was extended by the Freedom of Information Act (2005) to include information stored on non-computerised systems.  The Data Protection Act is enforced by the Information Commissioner's Office (ICO), and like all organisations that process personal data we must comply with this.

A full copy of the Data Protection Act is available on the ICO's website, however best practice to comply with data protection regulations can be set out in eight principles to ensure information is:

  • 1. fair and lawful processing,
  • 2. processed for limited purposes,
  • 3. adequate, relevant and not excessive,
  • 4. kept accurate and up to date,
  • 5. not kept longer than necessary,
  • 6. processed in accordance with the individual's rights,
  • 7. secure, and
  • 8. not transferred to countries outside European Economic area unless the country has adequate protection for the individual.

We are committed to complying with the Data Protection Act, particularly with the rights of Data Subjects. We have published our Data protection policy statement.

To make a subject access request or to exercise any other rights under the Data Protection Act, email us or write to:

The Information Manager
Gambling Commission
Victoria Square House
Victoria Square
B2 4BP
Fax: 0121 230 6720

If you are unable to place your request in writing please contact us.