The GDPR and its financial impact on local gaming companies : an analysis

Abstract

PURPOSE: The principal aim of this study is to analyse the financial impact the implementation of GDPR had on local gaming companies by examining the changes and investments Operators made to be compliant and the attitude of Regulatory Bodies, Finance Executives and Compliance Executives towards the change from the DPD. Finally, this study also analyses the benefits and the costs of implementing the requirements emanating from GDPR. DESIGN: In order to achieve the above mentioned objectives, a qualitative mixed methodology was adapted. A total of fourteen semi-structured interviews were conducted with regulatory bodies, finance executives and compliance executives. FINDINGS: The findings indicate that the requirements emanating from the GDPR were burdensome to Operators, especially those which were incompliant with DPD. The shift to GDPR was necessary as the DPD did not manage to keep abreast with the technological innovations throughout the years. The GDPR provides a competitive advantage and an increase in consumer trust, however it is still perceived as a burden. Finally, the GDPR increased awareness and tied in with other regulations which Operators have to comply with. CONCLUSIONS: This study concludes that not all Operators prioritise the security of personal data especially as the GDPR did not increase consumer growth. Furthermore, due to lack of resources, the IDPC fails to provide sufficient awareness about data protection. Finally, the gaming industry has not yet reaped the benefits. IMPLICATIONS: This study acknowledges the need of increasing awareness about data protection in Malta and decrease the number of data breaches by ensuring that Operators invest in information security systems. Furthermore, this study analyses the costs of implementing the requirements and the benefits of GDPR.