Policy
Data Protection Policy
The Data Protection Policy for the Gambling Commission.
2 - Policy statement
2.1. This policy provides a framework for ensuring the Gambling Commission meets its obligations under the UK General Data Protection Regulation (GDPR) and the Data Protection Act (DPA) 2018.
2.2. The Commission is committed to transparent, lawful, fair and proportionate processing of personal data. This includes all personal data we process about the public, licensees, staff or those who work or interact with us.
2.3. The Commission complies with the 6 principles of Data Protection legislation that require that personal data is:
- processed, fairly, lawfully and in a transparent manner
- used only for limited, specified stated purposes and not used or disclosed in any way incompatible with those purposes
- adequate, relevant and limited to what is necessary
- accurate and where necessary up to date
- not kept for longer than necessary
- kept safe and secure.
2.4. To evidence our compliance with the above principles we shall put in place appropriate and effective measures to make sure we comply with data protection law.
2.5. Compliance with this policy is mandatory and any breach of this policy, operational procedures or guidance may result in disciplinary action.
Previous section1. Introduction - Data Protection Policy Next section
3. Scope - Data Protection Policy
Last updated: 20 March 2025
Show updates to this content
No changes to show.