May 25, 2020, marked the two-year anniversary of the General Data Protection Regulation (”GDPR”). The GDPR strengthens data protection for individuals within the EU. It also addresses the export of EU citizens’ personal data outside the EU, meaning both companies based within the EU and those based outside the European Union that handle EU citizen data must comply with the GDPR. So, whether you have an EU-based small game studio or hoping to release your first game, or a large international studio releasing hundreds of games available for EU citizen, familiarizing yourself with the GDPR is a must.
GDPR checklist for game studios:
– Get consent from your players to use and process their data (for instance, an opt-in box is a common tool used by many companies)
– Draft a clear data protection notice to reflect the data processing activities performed by your game studio
– Make sure you understand the data flows, how your platform receives the data, and which data is personally identifiable information, including but not limited to the player’s name email address, etc.
– Implement adequate technical measures against data manipulation and take necessary measures against fraudulent behavior
– Pay attention to how third parties may access the information you gather and what they are using it for, in order to identify potential risks and avoid possible liability issues
– Add on the website an easy option for players to opt-out in case they want to rely on the right to be forgotten and get data erased
– Keep in mind that countries have integrated GDPR principles into their existing national laws, which means rules could vary slightly country-by-country – aligning with local legal advisors in countries in which the studio is planning to launch the game, is essential.
– Get in touch with a GDPR expert to bring your business fully GDPR compliant before going LIVE with the new game!
In case your studio needs guidance on GDPR compliance, please get in touch with our legal experts.