How Our Platform-as-a-Service Complies with EU’s General Data Protection Regulation

The General Data Protection Regulation, or GDPR, is a regulation in EU law on data protection and privacy for all individual citizens of the European Union and the European Economic Area. Its implementation began on May 25, 2018. The GDPR applies not only to organizations located within the EU but also to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU “data subjects”, which refers to your users who reside in the EU. As the EU is a big market for the gaming industry, this applies to nearly every game studio and publisher that processes player data. That’s why it is important for our platform to be GDPR compliant, so that it can serve EU players and protect their data.

We have two main features that help our platform comply with GDPR: the personal data download request and the personal data deletion request. The personal data download request allows the player to request all data that our platform has stored and used. The player can download a copy of their data from our platform by going to the My Account page and selecting the “Personal Data” sub-menu. The player then enters their password before requesting their personal data download. The moment our platform receives the download request, it starts collecting data related to the player across all our services, such as the account information, login history, order history, etc. Once the file is ready to be downloaded, the player is notified by email. After the player returns to the “Personal Data” page, they can download the file by providing their password again, to make sure it is the same player who requested it initially. If the password check passes, the browser starts downloading the file. The following screenshots show the player experience through this scenario.

To request their personal data, a player is required to enter their password as a verification step. This step both verifies the player and confirms their intent to request their personal data.

An email notification saying the data is ready to be downloaded.

Once requested, the platform will work to collect the most current set of the player's personal data. Once the file is ready, the player enters their password and downloads it.

Similar to the personal data download request, personal data deletion also requires the player to provide their password for both verification and confirmation of intent. As described, deletion is a permanent action and cannot be undone. Once requested, all of the personal data will be obscured in the platform. The record of the user's actions on the platform will still exist, but all of the personally identifiable data will be scrubbed.

We understand that sometimes a player changes their mind and wishes to cancel the account deletion. The platform provides a way to do that through a cancellation prompt, shown when the player tries to log in within the scheduled deletion timeframe.

For both features, our platform provides a way for the game publisher or game studio to see and monitor the request status, so the admin is aware of all incoming requests and can cancel a request if the player wishes.

Admin dashboard for monitoring personal data download requests.

Admin dashboard for monitoring account deletion requests.


Reach out to us at hello@accelbyte.io for inquiries or any questions.
