Cookies on the Gambling Commission website

The Gambling Commission website uses cookies to make the site work better for you. Some of these cookies are essential to how the site functions and others are optional. Optional cookies help us remember your settings, measure your use of the site and personalise how we communicate with you. Any data collected is anonymised and we do not set optional cookies unless you consent.

Set cookie preferences

You've accepted all cookies. You can change your cookie settings at any time.

Skip to main content
Back to full FOI list

Data protection risks as a result of remote compliance assessments

Request date
12 January 2023

Outcome
Information not held

Document actions
Print or save

Request

Please provide me with:

  • a copy of the data protection impact assessment(s) or other documents or records (including any board minutes discussing the same) produced by the Commission (or on its behalf) that record the Commission’s identification and analysis of the data protection risks that arose as a result of the introduction of remote compliance assessments in or around 2015; and

  • any documents or other records that describe or discuss the controls that were put in place to minimise data protection risks arising from the use of remote compliance assessments.

I would like you to provide this information in PDF or Word format.

Response

Thank you for your follow up request, which has been processed under the Freedom of Information Act 2000 (FOIA).

In your email you have requested:

  1. a copy of the data protection impact assessment(s) or other documents or records (including any board minutes discussing the same) produced by the Commission (or on its behalf) that record the Commission’s identification and analysis of the data protection risks that arose as a result of the introduction of remote compliance assessments in or around 2015; and
  2. any documents or other records that describe or discuss the controls that were put in place to minimise data protection risks arising from the use of remote compliance assessments.

As previously stated, the Information Commissioner’s guidance on DPIA states: You must do a DPIA for processing that is likely to result in a high risk to individuals. This includes some specified types of processing’. Our view is that the remote compliance assessment did not meet this threshold and does not include any of the specified types of processing to require a formally completed DPIA.

Following a review of our records, including Board papers and minutes dating back to 2014, I can confirm that no recorded information falling within the scope of your request is held by the Commission.

The information you have requested would have been discussed within the Commission as indicated, however, it would not have necessarily generated recorded information. Indeed, it may have only been discussed verbally.

Review of the decision

If you are unhappy with the service you have received in relation to your Freedom of Information request you are entitled to an internal review of our decision. You should write to FOI Team, Gambling Commission, 4th floor, Victoria Square House, Victoria Square, Birmingham, B2 4BP or by reply to this email.

Please note, internal review requests should be made within 40 working days of the initial response. Requests made outside this timeframe will not be processed.

If you are not content with the outcome of our review, you may then apply directly to the Information Commissioner (ICO) for a decision. Generally, the ICO cannot make a decision unless you have already exhausted the review procedure provided by the Gambling Commission.

The ICO can be contacted at: The Information Commissioner’s Office (opens in a new tab), Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF.

Information Management Team
Gambling Commission
Victoria Square House
Victoria Square
Birmingham B2 4BP

Is this page useful?
Back to top