Andreas Henriksson
Internal IT Manager
Paf, a public gaming company established in 1966, sets the standard for responsible gaming across Finland, Estonia, Latvia, Spain, and Sweden. As their operations expanded, so did the amount of sensitive data they had to manage. Recognizing the importance of data protection for maintaining customer trust and regulatory compliance, Paf turned to Virtru for a robust, scalable, and user-friendly data protection solution.
Virtru empowered Paf to:
Managing a gaming platform is a delicate task. Paf not only oversees game logistics and payouts but also takes active steps to safeguard player well-being and prevent financial harm. Part of their commitment to doing right by their customers also includes the safeguarding of sensitive data, including personally identifiable information (PII).
“We’re in the forefront when it comes to responsible gaming,” said Andreas Henriksson, Internal IT Manager at Paf. “Our approach to data security might be related to that. We are committed to the well-being of all our players, not just those who may face gambling issues. We take a proactive approach in ensuring a responsible and safe gaming environment for everyone. Over the past few years, we have implemented maximum loss limits that will shut down an account when it hits that threshold. When we see that the players are moving toward that limit, we act and proactively contact the user, and so on. Since we implemented the first loss limit back in 2018, we have been lowering the limit almost every year and we have also implemented targeted lower loss limits for our young customers. And, in the same way, we have a responsible approach for customer data and PII.”
Virtru has become a cornerstone in Paf's data protection strategy, particularly for securing internal and external email communications and file sharing. By integrating with Google Workspace, Virtru offers an end-to-end encryption solution that safeguards emails and files without disrupting workflows.
“The business units across the organization that handle sensitive data include customer support, HR, finance, and our responsible gaming team. All are frequent users of Virtru. And, of course, It spreads around the organization,” said Henriksson. “I think we have a good cybersecurity culture and a lot of awareness, training, and communication around security. The team really cares about keeping customers' data private and safe, and Virtru helps us do that.”
From customer financial information to employee medical records, Paf’s internal teams leverage Virtru's robust encryption solution to ensure this data remains protected at all times.
What sets Virtru apart is its user-friendly interface that makes the complex process of encryption accessible to all Paf employees, regardless of their technical acumen. Virtru's seamless integration into existing workflows has led to high adoption rates across the company, with 95% of their 200 seats using Virtru regularly.
Externally, Virtru's custom branding feature allows Paf to mark its encrypted communications with its logo and branding. This provides additional reassurance to customers who may be unfamiliar with encrypted communications, fostering an environment of trust, ease, and transparency.
Virtru's data protection capabilities extend beyond day-to-day operations, contributing significantly to Paf's compliance efforts. In an industry where adherence to regulations like GDPR and ISO 27001 is paramount, Virtru provides the necessary encryption measures to protect gaming data, meet regulatory requirements, and provide assurances to customers that their data is safe.
Under GDPR’s retention provisions, it's essential for Paf to know where their data is, who's seen it, and to be able to delete it automatically or on demand. Virtru makes this easy, allowing data owners and admins to see who has accessed data, and allows Paf to pull the plug on access or delete the data entirely whenever they need to. This feature doesn't just help Paf keep within the law, it also helps maintain the high level of trust that customers have in them.
Paf's ethical stance on business extends beyond responsible gaming to encompass rigorous data protection. Leveraging Virtru, Paf effectively meets GDPR obligations, demonstrating to customers that their commitment to trust and transparency is uncompromising.
Paf's use of Virtru is not the driver but the enhancer of their data stewardship, setting a benchmark in the gaming industry for holistic customer protection.
