Skip to main content

Sample Data protection impact assessment: Mobile gaming app

Contents

This document is intended as an example of good practice to help companies creating mobile gaming apps for use by children in the UK. It will help you to understand and apply the ICO’s Children’s code, formally known as the Age-appropriate design code. It specifically applies to Standard 2 of the code, which relates to the need for Data Protection Impact Assessments (DPIAs) for Information Society Services (ISS) likely to be accessed by children (under age 18) in the UK. Before starting to review the DPIA sample, you might find it helpful to read the code’s DPIA standard.

The product used in this sample is imaginary, and is not intended to represent an actual product. The product specification developed by Fundamentally Games, from which the DPIA was developed.


This sample DPIA is adapted from the ICO’s DPIA template, and follows the process set out in our DPIA guidance and the code. You should read it alongside the code’s DPIA guidance, and the Criteria for an acceptable DPIA set out in European guidelines.

We welcome recommendations for improvements or other feedback on this sample DPIA. Please email your comments to [email protected].

Guidance: You may find it helpful to use the ICO’s design guidance, which includes gaming worked examples of the data privacy moments and age-appropriate mindsets. These worked examples are based on the product specification developed by Fundamentally Games and can help you identify what data you are processing and any risks associated with the processing.

Name of controller: The Mobile Game Company
Subject/title of DPIA: Cooking Numbers mobile app