GDPR?
Posted: Fri Aug 17, 2018 5:01 pm
Had a new player ask if the game is GDPR compliant. Know anything about that?
Anything unique to a person that could be cross-referenced with another data source to identify that person is 'personal data' (identifiable information). For example, I use my nickname 'VDZ' in other places as well, therefore any information from your databases associated with my name can be associated with other data about me if that other data also has my nickname as identifier, and the more such identifiers you have the worse it gets (add the IPs I log in from and you'll be able to 100% distinguish me from the very few other people using the name 'VDZ'). Personal data includes nicknames, e-mail addresses (you can enter them in in-game for e-mail notifications), Steam IDs and IP addresses. For these kinds of information, you need to properly document how/where it's stored and who has access to it, and if anybody sends you a formal request to delete any data you have about them you need to be able to do so (within reason). If any of this leaks (for example, a game exploit lets people see other players' e-mail addresses) it needs to be formally reported and all affected players must be told about it.

GDPR wrote:
‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person