• Subscribe
  • Magazines
  • About
  • Contact
  • Advertise
Friday 1 August 2025
  • zh-hant 中文
  • ja 日本語
  • en English
IAG
Advertisement
  • Newsfeed
  • Mag Articles
  • Video
  • Opinion
  • Tags
  • Regional
    • Africa
    • Australia
    • Cambodia
    • China
    • CNMI
    • Europe
    • Hong Kong
    • India
    • Japan
    • Laos
    • Latin America
    • Malaysia
    • Macau
    • Nepal
    • New Zealand
    • North America
    • North Korea
    • Philippines
    • Russia
    • Singapore
    • South Korea
    • Sri Lanka
    • Thailand
    • UAE
    • Vietnam
  • Events
  • Contributors
  • SUBSCRIBE FREE
  • 中文
  • 日本語
No Result
View All Result
IAG
  • Newsfeed
  • Mag Articles
  • Video
  • Opinion
  • Tags
  • Regional
    • Africa
    • Australia
    • Cambodia
    • China
    • CNMI
    • Europe
    • Hong Kong
    • India
    • Japan
    • Laos
    • Latin America
    • Malaysia
    • Macau
    • Nepal
    • New Zealand
    • North America
    • North Korea
    • Philippines
    • Russia
    • Singapore
    • South Korea
    • Sri Lanka
    • Thailand
    • UAE
    • Vietnam
  • Events
  • Contributors
  • SUBSCRIBE FREE
  • 中文
  • 日本語
No Result
View All Result
IAG
No Result
View All Result

Data Driven: Why privacy compliance is key for IRs

Victoria White and Daniela Guerreiro by Victoria White and Daniela Guerreiro
Thu 7 Oct 2021 at 10:57
Data Driven: Why privacy compliance  is key for IRs
33
SHARES
835
VIEWS
Print Friendly, PDF & Email

New data privacy laws coming into effect across Asia, including in mainland China, in the coming months will require careful navigation by the region’s IR operators.

Data has become the new reserve currency for IR operators. The value of capturing extensive information about customers has become critical to overall business performance. The surge in digital activities, from Alipay and WeChat mini-program marketing, to cashless payments, digital reservations and geolocation Wifi log-ins, allows for a huge increase in data collection from new data streams that can help to inform business decisions and improve efficiencies across the IR landscape.

In a service-orientated industry, customer experience and service delivery benefit enormously from equipping front line staff with information on customers’ personal preferences in order to deliver a personalized experience. Equally, back-end CRM management that deploys sophisticated AI and data analytics tools can orchestrate a marketing communications strategy with superior engagement and ROI outcomes.

Data, therefore, has become mission critical for informing decisions throughout the IR business, from inventory management to staffing and marketing strategies. Consequently, the scope of data collection and processing has reached new levels. The majority of this data concerns personal information of customers, visitors and employees, which triggers the requirements of national personal data and privacy laws.

Given the nature of the IR industry, patrons’ personal information has always been considered especially sensitive. Now, new categories of high-risk data are subject to collection, including data generated from digital payment transactions – and prospectively cashless gaming transactions in future – as well as health code tools, such as COVID-19 tracing apps, vaccine passports and test results. With the increased volume and sensitivity of the information captured, data privacy compliance has become a critical business requirement applicable to the vast majority of IR business operations.

INCREASING PRIVACY REGULATION AND ENFORCEMENT

At the same time, the legislation of data privacy has continued to evolve, and regulators in the region have become ever-more active in enacting and enforcing new data privacy laws for the collection and use of personal information. Some of these new provisions have extra-territorial effect, meaning that operators who collect personal information from overseas customers will need to comply with the requirements of the law in the customers’ home jurisdiction in certain circumstances.

CHINA’S NEW PERSONAL INFORMATION PROTECTION LAW

Until recently, China did not have a dedicated overarching personal information law, relying instead on a myriad of sector-specific regulations that addressed standards for personal data processing in certain industries.

The rise of digital services like WeChat have provided an array of new streams for mass data collection.

In August this year, the Chinese Government passed its new law on personal data protection that will take effect on 1 November 2021. The new Personal Information Protection Law will impact the activities of companies that handlethe personal information of Chinese residents – even where the companies are located overseas, or in Macau or Hong Kong. The law, therefore, is not restricted to entities located within mainland China. In fact, overseas businesses that process personal information outside of mainland China will be required to set up an agency or appoint a designated representative within China to handle matters related to personal information protection, and record it with the Chinese authorities. The law also imposes restrictions on cross-border transfers of personal information from mainland China to overseas locations, including Macau and Hong Kong. Certain requirements, such as additional security assessments, protection certifications, contracts or risk assessments, must be fulfilled prior to overseas transfers of data to these locations.

Given that mainland Chinese customers constitute the largest market segment for Macau IR operators, the effect of the new Chinese Personal Information Protection Law on business operations will need to be closely assessed ahead of the effective date on 1 November. In particular, the procedures for collection of personal information through in-market apps, WeChat official accounts and mini-programs, websites and any subsequent overseas transfer to Macau appear a priority for review.

The penalties for infringing the new law are high, including fines of up to RMB 50 million (US$7.7 million) or 5% of the company’s annual turnover for serious offences. Although enforcement of the new law is untested, the Chinese authorities have recently taken an assertive stance on data privacy violations in the technology sector. The Cyberspace Administration of China, the Chinese internet watchdog, found 84 online apps had infringed personal information through over-collection and excessive use in May 2021 and required those operators to rectify their processes within 15 days.

More recently in July 2021, Didi, the ride sharing app, was suspended from app stores in China for breaching data collection and use rules.

The potential fines and impact on operations for businesses is evident for those which fail to comply with Chinese data privacy law requirements.

JAPAN STRENGTHENS PRIVACY LAW REQUIREMENTS

Similarly, Japan has passed amendments to its personal information law that expand the extraterritorial effect of the law to all overseas companies that handle personal information of Japanese citizens, as well as pseudonymously and anonymously processed information, in certain circumstances. The amendments to the Act on the Protection of Personal Information will come into effect on 1 April 2022 and operators with Japan-focused teams will need to determine if they are affected and need to overhaul processes to comply with the updated Japanese law before the operative date.

MACAU DATA PRIVACY ENFORCEMENT

Meanwhile, in Macau recent developments have seen a determined approach by the authorities towards data privacy investigations and enforcement against infringers. In 2020, the Macau Data Protection Office levied fines totaling MOP$12 million (US$1.5 million) against companies for illegal telemarketing activities and use of personal data, and failure to secure the individuals’ consent for use of their data.

The Macau Personal Data Protection Act also enshrines a number of rights for individuals over their personal data, including the right to access, rectify, erase or block the processing of their data in some cases. As individuals’ consciousness of their rights has increased in recent times with a growing awareness of the value of their personal data and need for protection against exploitation, the number of data access, rectification and deletion requests has increased. In view of the potential number of data subjects involved and the volume of data from multiple contact points, the exercise of responding to individuals’ data requests within a reasonable time, as required under the Macau Personal Data Protection Act, demands significant dedicated resources for it to be handled effectively.

When the potential effect of overseas data privacy laws, such as the new Chinese Personal Information Protection Law, that have similar rights of access, rectification and deletion for data subjects is factored in, the volume of prospective data subject requests may rise exponentially and appear overwhelming without additional assistance and manpower.

Macau law also requires that personal data is deleted once the purpose for collection has been completed. With the infinite number of new data streams captured, it is a sizable task to determine and document the retention period for all types and categories of personal data collected, and ensure that all copies of personal data are deleted across the IT systems and on back-up servers once the retention period expires.

In addition, regulation was introduced in 2019 in Macau for gaming-specific data that requires the Macau Gaming Regulator’s prior authorization for the overseas transfer of any gaming-related data (such as betting amounts, bet placements, chip purchase and redemption), which may also include patrons’ personal data (name, nationality). IR operators also have a special duty to implement cyber security management systems and procedures, including to report cybersecurity incidents and potential data breaches to the authorities, under the 2019 Macau Cybersecurity Law as private critical infrastructure operators.

SOLUTIONS FOR THE CHALLENGE

The dramatic rise in the collection and use of data has not generally been matched with a proportionate expansion of the in-house data privacy team, despite the critical nature of data privacy compliance to IR business continuity. To tackle the ever-increasing complexity of the work, new privacy tech management tools have emerged that can support privacy teams to streamline and operationalize privacy management processes. By implementing privacy management software, data can be catalogued on a structured platform and a central map of all personal data stored and used across the business can be created to monitor activities, investigate potential breaches, update records and delete data after fulfilment.

For IRs, a core challenge to date has been the fragmented nature of data ownership across business teams which may hold a slew of separate databases or data sources that operate on various IT systems. A centralized privacy management platform can provide the visibility, automation and record keeping needed to comply with the various national data privacy laws and regulations that apply. Additionally, privacy tools can be incorporated which automate fulfilment of data subject access requests, data discovery and redaction processes, allowing privacy teams to focus on more strategic privacy issues and tasks.

RelatedPosts

Editorial – Better late than never

Editorial – Better late than never

Thu 31 Jul 2025 at 07:13
Angel’s Yasushi Shigeta

Angel’s Yasushi Shigeta

Thu 31 Jul 2025 at 07:08
The Magic Number

The Magic Number

Thu 31 Jul 2025 at 06:41
Rashid Suliman – A road well traveled

Rashid Suliman – A road well traveled

Thu 31 Jul 2025 at 02:45
Load More

“Privacy management platforms are critical tools for large organizations, like integrated resort operators, which have numerous data streams from different sources,” according to Rob Hinson, Greater China Manager of OneTrust, the most widely-used privacy platform.

“These often involve personal data of customers across a variety of jurisdictions, which can simultaneously subject the organization to multiple national data privacy laws. In an ever-changing regulatory landscape, having a tool to manage these obligations – while remaining up to date with the latest regulatory changes – becomes paramount.”

FUTURE OF PRIVACY MANAGEMENT

The adoption of privacy management software and tools can assist with streamlining data privacy management, but selection of the modules and tools must be tailored to the business’s specific data streams, processes and applicable privacy law jurisdictions. Equally, the effectiveness of privacy tech solutions relies on an understanding of privacy issues by employees – not only those in the privacy team but staff throughout the business that have contact with personal data in their roles. Employee training on new data privacy protocols and data management, triggered by the new data privacy law requirements, is also vital so that operators can demonstrate effective implementation of data protection procedures and compliance.

In fact, as customers become increasingly sensitive to personal data use and exploitation, operators can use their approach to personal data management to build a trusted reputation with customers and differentiate themselves from competitors. By providing transparent and user-centric privacy management tools that allow customers to take control and permit use only for genuinely agreed purposes, operators can demonstrate their commitment to respecting the privacy rights of users and putting the customers’ preferences first.

Tags: Current Issue
Share13Share2
Victoria White and Daniela Guerreiro

Victoria White and Daniela Guerreiro

Current Issue

Editorial – Better late than never

Editorial – Better late than never

by Ben Blaschke
Thu 31 Jul 2025 at 07:13

Inside Asian Gaming has in recent weeks been hearing increasing chatter around a possible move by Vietnamese authorities to introduce...

Angel’s Yasushi Shigeta

Angel’s Yasushi Shigeta

by Ben Blaschke
Thu 31 Jul 2025 at 07:08

Yasushi Shigeta, Chairman and owner of one of the world’s largest gaming industry suppliers, Angel Group, sits down with Inside...

The Magic Number

The Magic Number

by David Bonnet
Thu 31 Jul 2025 at 06:41

In this in-depth deep dive into the evolution of the Asian gaming landscape, David Bonnet argues that many regional jurisdictions...

Rashid Suliman – A road well traveled

Rashid Suliman – A road well traveled

by Ben Blaschke
Thu 31 Jul 2025 at 02:45

Rashid Suliman, Vice President of Global Gaming Asia-Pacific for casino solutions provider TransAct Technologies, provides some insight into his unique...

Evolution Asia
Your browser does not support HTML5 video.
Aristocrat
GLI
Nustar
SABA
Mindslot
Solaire
Hann
Tecnet
Tecnet
NWR

Related Posts

Editorial – Better late than never

Editorial – Better late than never

by Ben Blaschke
Thu 31 Jul 2025 at 07:13

Inside Asian Gaming has in recent weeks been hearing increasing chatter around a possible move by Vietnamese authorities to introduce enhanced locals gaming to the market. Although such rumors have made the rounds before, inquires have confirmed that the chatter...

The Magic Number

The Magic Number

by David Bonnet
Thu 31 Jul 2025 at 06:41

In this in-depth deep dive into the evolution of the Asian gaming landscape, David Bonnet argues that many regional jurisdictions have been sucked into believing they can replicate the Macau or Singapore IR model – without access to those cities'...

Singapore’s Casino Legalization Experience: Setting the Standards for Minimizing and Managing Social Costs

ประสบการณ์การทำให้คาสิโนถูกกฎหมายของประเทศสิงคโปร์: การกำหนดมาตรฐานเพื่อลดผลกระทบทางสังคมให้น้อยที่สุด ขณะเพิ่มประโยชน์ทางเศรษฐกิจให้มากที่สุด

by Lau Kok Keng
Thu 10 Jul 2025 at 18:19

บทความนี้จะพิจารณากระบวนการที่ประเทศสิงคโปร์ดำเนินการเมื่อรัฐบาลประกาศในปี พ.ศ. 2547 พิจารณาให้การเปิดคาสิโนเป็นเรื่องถูกกฎหมาย รวมถึงทัศนคติของสาธารณชนต่อประเด็นดังกล่าว และวิธีที่รัฐบาลใช้ในการอธิบายแนวทางการจัดการความเสี่ยงจากปัญหาการพนัน บทความยังกล่าวถึงมาตรการป้องกันที่รัฐบาลได้นำมาใช้เพื่อลดผลกระทบทางสังคมและแก้ไขปัญหาการพนันตลอดจนกา

Singapore’s Casino Legalization Experience: Setting the Standards for Minimizing and Managing Social Costs

Singapore’s Casino Legalization Experience: Setting the Standards for Minimizing and Managing Social Costs

by Lau Kok Keng
Thu 10 Jul 2025 at 18:03

This article will examine the process Singapore went through when the government announced in 2004 that it was contemplating legalizing casinos, and the public sentiment to this and how the government sought to explain its intended management of the dangers...

Your browser does not support the video tag.


IAG

© 2005-2025
Inside Asian Gaming.
All rights reserved.

  • SUBSCRIBE FREE
  • NEWSFEED
  • MAG ARTICLES
  • VIDEO
  • OPINION
  • TAGS
  • REGIONAL
  • EVENTS
  • CONSULTING
  • CONTRIBUTORS
  • MAGAZINES
  • ABOUT
  • CONTACT
  • ADVERTISE
  • 中文
  • 日本語

Welcome Back!

Login to your account below

Forgotten Password?

Retrieve your password

Please enter your username or email address to reset your password.

Log In

Add New Playlist

No Result
View All Result
  • 中文
  • 日本語
  • Subscribe
  • Newsfeed
  • Mag Articles
  • Video
  • Opinion
  • Tags
  • Regional
  • Events
  • Contributors
  • Magazines
  • Advertise
  • Contact
  • About
  • Home for G2E Asia

© 2005-2025
Inside Asian Gaming.
All rights reserved.

  • 中文
  • English
  • 日本語