TIGA publishes GDPR guide

By January 11, 2018Press Releases

TIGA, the trade association representing the video games industry, has published a guide to the General Data Production Regulation (GDPR). It is designed to give the video games industry an insight into the upcoming changes to data protection law.


The GDPR will supersede the Data Protection Act 1998 when it comes into force on 25 May 2018. It will introduce tough fines for non-compliance and give individuals more of a say over what organisations can do with their data. As the industry is uniquely positioned at the juncture of digital business and consumer engagement, the new set of regulations will undoubtedly have an impact on the way video games developers do business.

The document, produced in partnership with law firms Stevens & Bolton LLP and Kilpatrick Townsend & Stockton LLP, explores the main issues behind GDPR.   For a copy of the document, please contact Suzi Stephenson at: suzi@tiga.org


The GDPR contains proactive accountability requirements for both data controllers and data processors.

Data processors:

The GDPR contains new obligations on data processors, which include the responsibility to implement appropriate security measures when processing personal data on a data controller’s behalf.

Right to be forgotten:

A new “right to be forgotten”, or “right to erasure” allows individuals to request that their personal data is erased “without undue delay”.

Data breach notification

Breaches posing high risks to individuals must be notified to the regulator and (unless steps have been taken to encrypt the data or otherwise minimise the risk) to the affected data subjects, possibly through public communication in some cases.

Data Protection Officer (DPO):

Certain businesses (who regularly and systematically monitor data subjects or process sensitive personal data, including that relating to criminal convictions and offences, on a large-scale) will need to appoint an expert data protection officer (DPO) to assist in compliance with the relevant obligations.

Penalties for getting it wrong:

The maximum fine for data controllers and data processors for serious breaches of the GDPR is EUR 20 million or 4% of annual worldwide turnover in the previous year, whichever is higher.

Dr Richard Wilson, OBE, Chief Executive Officer at TIGA, stated:

‘Video games companies will need to ensure that their practices are compliant with GDPR by 25 May 2018. The gaming industry is very diverse, which inevitably means that there is no ‘one size fits all’ approach to GDPR compliance. We trust that games businesses will find our guide a useful introduction to the GDPR and then take professional advice to ensure that they are compliant with the GDPR.”


About TIGA


TIGA is the network for games developers and digital publishers and the trade association representing the video games industry. Our core purpose is to strengthen the games development and digital publishing sector. We achieve this by campaigning for the industry in the corridors of power, championing the industry in the media and helping our members commercially.

TIGA is intent on building an enduring organisation which continually improves; a business that will make a significant impact on the games industry and so benefit our membership and the wider economy. Since 2010, TIGA has won 24 business awards, an achievement which reflects TIGA’s drive for improvement and to meet best practice.

For more information visit: www.tiga.org

Get in touch:

Tel: 0845 468 2330
Email: info@tiga.org
Web: www.tiga.org
Twitter: www.twitter.com/tigamovement
Facebook: www.facebook.com/TIGAMovement
LinkedIn: http://www.linkedin.com/company/tiga

For further information, you can also contact:

Dr Richard Wilson, TIGA CEO at: richard.wilson@tiga.org