Skip Ribbon Commands
Skip to main content

The game provider Danske Spil protects personal data according to the EU General Data Protection Regulation

​​​​​​​​The customers must have confidence in the data security that is in place; it is crucial for Danske Spil’s business. Therefore, the game provider is preparing itself for the implementation of the GDPR in order for its customers to trust that their sensitive personal data are protected.

Danske Spil handles huge amounts of personal data, so it is crucial for the game provider that the customers’ data are safe. In addition to the sensitive personal data of their employees, Danske Spil possesses, among other information, the civil registration numbers of online customers, credit card information, and statistics of the customers’ individual game consumption – including sports games like the Oddset and a wide range of online casino and poker games.

That is why Danske Spil has given priority to fulfilling the EU requirements since the GDPR was announced.

”We have always taken data protection very seriously. We handle customer data that are

of a very sensitive nature, so ensuring our costumers’ confidence in us is crucial. This confidence must be maintained as it does indeed form the basis of our business. Confidence cannot be compared, and lost confidence is difficult to reestablish,” says Phillip Badstue, Head of Data Security at Danske Spil.

Mapping of all the data flows

As a first step toward meeting the EU GDPR, Danske Spil has cooperated with NNIT with

a view to mapping the data flow of the organization. During this process, a wide range of key employees working with critical data have been interviewed in order to reveal all of the touch points with personal data.

”We have mapped every touch point across the organization. As the GDPR has a huge impact on our business routines and future projects, we have given priority to having our own employees participate in the process. By actively cooperating with NNIT and not just outsourcing the process, we ensure that, afterwards, we will be able to continue the requirement-related work on our own,” says Phillip Badstue and he continues:

”The mapping has enabled us to identify the areas that are to be focused on. Now, we know the life cycle of all of the personal data from their first appearance with us, and we know how they move, both internally as well as externally. All of the data are now searchable

at the flow level and data type level, which enables the launch of targeted measures that improve safety even further”.

Personal data security should be incorporated in the entire business

Danske Spil’s high ambitions will impact the game provider’s future projects and the organization’s numerous suppliers, including technical providers of online games and services beyond the core business.​​​

To combat compulsive gambling, Danske Spil has recently started cooperating with psychologists in order to develop an algorithm that detects the beginning of gambling addiction in customers. If, based on a customer’s gambling pattern, gambling addiction is suspected, the system will issue a notification and Danske Spil will contact the customer concerned by making a ’care call’.

After the data flow mapping, Danske Spil has chosen to encrypt data concerning customers with a gambling disorder in order to ensure the best possible protection of their privacy.

”The GDPR has a significant impact on our business and involves an obligation for us to rethink several of our projects. We have clearly defined requirements to our suppliers in order to ensure the protection of our customers’ data, no matter where they are processed.

​We must be able to guarantee data safety and confidentiality for our customers, but as the game sector and technologies develop continuously, this effort will never be achieved once and for all,” says Phillip Badstue.