Policy
Data Protection Policy
The Data Protection Policy for the Gambling Commission.
4 - Roles and Responsibilities
4.1. All members of staff are responsible for complying with this Policy and completing mandatory training on an annual basis.
4.2. Specific roles are assigned throughout the Gambling Commission to manage the personal data we process and the associated risks in terms of responsibilities, decision making and monitoring compliance.
4.3. The Data Protection Officer (DPO) is primarily responsible for advising on and assessing the Commission’s compliance with the Data Protection Act (DPA) and UK General Data Protection Regulation (GDPR) and making recommendations to improve compliance. The DPO can be contacted at dpo@gamblingcommission.gov.uk.
4.4. Senior Information Risk Owner (SIRO) is responsible for the implementation and maintenance of security standards across the organisation and for ensuring correct procedures and delegations are in place to respond to security incidents. The Senior Information Risk Owner is the Chief Technology Officer.
4.5. Information Asset Owners (IAOs) have responsibility for data protection compliance related to the information assets assigned to them through the Commission’s Information Asset Register.
4.6. Information Management Team (IMT) provide advice, guidance and training on Data Protection issues.
4.7. Information Champions (IC) provide local support to their teams.
Previous section3. Scope - Data Protection Policy Next section
5. Policy review - Data Protection Policy
Last updated: 20 March 2025
Show updates to this content
No changes to show.