Hello, we are operating landbase casino in Bulgaria. We are keeping customer information at entrance of the casino, we are getting their names, surnames, ID card information with MRZ scanner, and photo. With GDPR what kind of necessary changes we need to do ? Can you please help us to understand.
From your description you are a data controller for the data of your casino customers as well as your visitors. Being a casino and using the mrz scanners you are collecting a great deal of personal data including winning and maybe “high rollers” player profile. You are most likely also processing high quality video surveillance footage from our gambling tables.
So, my conclusion is that the EU GDPR will deeply impact your processing activities and you would need to have a full blown EU GDPR compliance program in force to prove compliance. You would need to focus on : privacy Notices, managing data subject rights, data protection impact assessments, third party compliance, data breaches basically everything.