We like to think that GDPR has been and gone, all the emails have been sent out and customers have either opted in or not for contact. But, what happens if a customer contacts you and wants to see their data – and what can they gather from it?

Well a gamer (Michael) from the UK this month, contacted EA (Electronic Arts) under the GDPR act to see what data they had on him – and the data is impressive. Using the General Data Protection Regulation in the UK, he could go through a selection of the data collected about his sessions playing the game – this also included how much money he spent in game.

For those who haven’t played FIFA recently, in FIFA 17 and FIFA 18 you can buy Ultimate Team Packs, which are a little like sticker packs, you hope for a shiny in amongst the standard stickers. These packs are of course random and you can end up spending a lot to get not a lot.

Over the course of two years and two versions of the game, Michael ended up spending over $10,000 for said packs. The player had this to say about it:

“I took the time to talk to my other half about this,” Michael told Eurogamer.

“We have a healthy disposable income but you can imagine my shock that over the past two years, I had given EA just over $10,000 … If anything, the data EA has provided me has made me realize that FIFA Points are just not worth it and $10,000 will be better spent over the next two years.”

Michaels spending wasn’t the only thing he could see with the GDPR request, he could see all the data that EA had stored on his account. This included marketing emails that were sent to him, when he logged in and out of a session, also goals, shots on target and off and IP addresses.

In a world where a game can create and hold that much information, the process to collate and send it to the end user must be time consuming.

So, is it worth running through a test scenario for your user data, to see what data is needed to be collated and how long it takes – just in case you get a GDPR request?

We hope you found this post useful and interesting, but if you still have questions and would like to discuss security please call us in the office on 01444 250404.