Blog > GDPR. Fantasy Sports, are you ready?
The General Data Protection Regulation (Regulation 2016/679), also known as GDPR, will significantly increase the responsibilities and obligations for online businesses in how they collect and process personal data.
Gaming business, and especially Fantasy Sports, is the area, where the Regulation will be the most active and prominent. Protection of the data and freedom of user’s activity over the different resources is the obligation now, and being ready to that means being in the market.
So, how should you react? How should we react?
With a proud we should say, that before GDPR became an obligation, our engine was almost ready for that. When we started development of the engine (and it never ends, as we continue to upgrade and improve it), we put the main aim of making activity of the user secure, smooth and prominent. Therefore, a lot of requirements of the Regulation are already covered.
From our perspective this is very profitable for our existing partners, as they don’t have to pay for a lot of new work to be done, and for new customers, as they will not pay a lot extra to commit the requirements of GDPR.
What does it mean particularly?
- We store the information about user with association of the date and time of its appearance in the system. That makes it much simpler to access it, show it and operate it right (and even provide that to users on request). And, of course, it allows to remove the data about user for the certain period that is requested.
- We have several deletion tools. Currently, removing the user from the database that is caused by any violation done by user meant, that user should not be able to register in the system with the same credentials. For sure, in the Internet era, that is not always a big deal to pass it easily, however, still stimulated users to use the system fairly (and play fairly). For certain reasons it could happen that profile of the user was still saved in the system, but user was not able to access it. However, in certain cases we allowed to remove the user data from the system completely - so following GDPR requirements, especially in case of user’s request to remove his account, our engine allows to do that.
- Obviously, we continue to protect user’s data using most accurate algorithms and policies - we respect the privacy and try to protect it in the most modern way.
- Our engine is “multi-layered” following the MVC design, and one of the layer there is API and services. This approach allowed to create different clients for one central back-office, like making Fantasy Sports system with web interface and native mobile applications, or be ready for integration to existing systems (online gaming portals that are supplied with our engine for Fantasy Sports contests within their users). API layer includes various user-related options and it can be used for proper data share procedures, that has been already successfully implemented in the projects where our engine was integrated as module into gaming platform or user community.
There are certain other things to be considered, but as far as our team is following modern ways of software design, development and maintenance, the products we deliver already include the most required options from scratch.
Saying that we still insist on consulting with legal experts for your particular product and define the strategy of GDPR compliance with them. We are always gladly assist in solutions implementing to reach the right business targets.