Expected news first: I haven’t found time to even start re-writing the site, so the creaky cobbled together version that has been in use since forever will be needed again – I’ll complete some tests to ensure it all still works in the next few days, ahead of a launch sometime in the last week of the month. I have also found to time to acquire the Advent Calendar and I now know what objects will be appearing this year. I might do a post to “unveil” them as if they were celebrities on a reality TV show over the weekend!
Here in the EU (technically still correct) a thing called GDPR came into effect in the last 12 months. I am not a data protection expert by any means but I hope I am sensitive to it. A friend for whom GDPR caused a considerable amount of work advises that I am all good and compliant here so that’s great, but it has got me thinking about what data I hold on all the players and if there are any issues as a result.
So all players willingly gave me their details in order to play – that’s important. I’ve never sent emails to non players, and if a player ignores their “welcome email” one year then they don’t receive another until they themselves ask to play again. I’m happy with this system especially as it is entirely manual – there’s no chance of this website sending rogue emails. At all.
Email addresses aren’t even stored in the website database – they are all in my Gmail contacts book. So yeah, in theory a breach at Google could cause problems, but I’d say that that problem wouldn’t be mine. But I think I could possibly do better with what data I do storeL I’ll explain. Here’s a snapshot of what I have for each player:
The two id numbers are assigned by the site for administrative reasons so don’t represent any meaningful personal data. Forename and surname though do, and it has always been a policy to change these upon request – hence why, for example, “Lord Byron” was a player last year. I’ve debated changing to online handles but I like the names thing – if you prefer your real names not to be used then get in touch and we can come up with a suitable alias!
Gender is stored and is essentially binary (the field stores either F, M or X) – its only use is for the news feed to determine whether player has changed his/her/their guess. I think this is unnecessary data (albeit arguably harmless) to have stored and will remove that before the competition starts. Nationality is an odd one and dates back to the first couple of instances of the competition where the website, aping F1 on-screen graphics, displayed a player’s nationality. That’s all it did. Unless you played on those first few competitions the data held against you in that field will be blank in any case. Will definitely be removed for this year.
The final bit of data in the database is star-sign data for each player – this has long been the basis for a “teams championship” and I guess is somewhat traditional now. I really don’t know where I stand on this data – it would help narrow down a players date of birth to within a month but not any particular year. It absolutely does represent personal data and arguably data I don’t need too, but (based on the fact that it has to have been volunteered willingly) it’s data I think I can argue I need and I am happy to keep it. Obviously I can and will delete it on request – the site already handles the data not being present and so there’s no major dramas here.
The last thing I have a silly 200×200 profile picture for competitors, stored off database in a folder on the web server. These were brought in to make player profile pages a bit less intimidatingly statty, but otherwise serve no real purpose. They aren’t present for every player and are several years old for some. Ashamedly I think I acquired them without consent in many cases so I think I know what needs to be done here. They’ll be removed before the start of the competition this year.
If you have any opinions or worries regarding the data I have on you and how I use it, please do get in touch. 16 days to go!