GDPR, I choose you! How the Pokémon Company embraces security and privacy by design

Pokémon Go forced the Pokémon Company International to rethink how it approaches security, and now uses GDPR as an enabler.

gdpr compliance security locks privacy breach
Getty Images

Pokémon is one of the biggest brands in the world. The colorful pocket monsters span dozens of computer games, cartoons, films, trading cards, books, toys and anything else you care to imagine.

2016 saw the release of Pokémon Go, a mobile app that combined geo-caching with basic augmented reality capabilities that brought collecting monsters into the almost-real world. The game exploded – even by Pokémon standards – racking up nearly 800 million downloads and has generated close to $2 billion in revenue.

However, this posed a problem for the Pokémon Company International. The company suddenly went from worrying about which companies should be printing the trading cards or sending out cute plush toys to the liability of holding the personal data of a huge number of children and European Union (EU) residents. That personally identifiable information (PII) presented significant regulatory risk from the EU’s General Data Protection Regulation (GDPR).

The twist here is that the company saw GDPR compliance as a business opportunity—a way to build trust with customers (and their parents). If they could meet the high privacy and security standards set by the GDPR and other global regulations, then the Pokémon Company International could differentiate itself as the safer brand when it comes to protecting PII.

Protecting PII during rapid growth

“Pokémon Go was a bit of a surprise for everyone involved,” says John Visniewski, director of information security and data protection officer (DPO) at the Pokémon Company International. “You don't plan for 800 million downloads. I think the most optimistic estimates when the application was released was somewhere in the neighborhood of 50 to 100 million.”

To continue reading this article register now

Subscribe today! Get the best in cybersecurity, delivered to your inbox.