GDPR Request - What do I do?

Recently got a GDPR right to erasure request from Roblox. Read up on what this means and my rights etc. However, this has complicated my perception of the term “developer” a lot. Roblox, along with other people, have given no indication of what game this data is stored on and I am completely stuck at what I need to do.
I have been given indications that if I was not to comply with the right to erasure within a month, I could possibly be sued or my account terminated. I am incredibly busy and do not have the time to search through 100+ games to find a single piece of data that Roblox should have had a system in in the first place to remove if it was requested. GPDR says business has to keep data protected, not individual people thus they made used IDs public so surely it’s their issue?

Someone please help!
Thanks in advance.


ignore it like 99% of people I know Your best bet is to find what games require the datastore service and have been played by 1k+ people and wipe the ID from those stores.


Just make alternatives ID’s until you find something that isn’t illegal.

1 Like

I have 0 idea how to do any of this stuff. The “information” they give is very vague and I have no idea where to start.

1 Like

In that case I recommend tracking down customer support and requesting their help.


Crazyman32 has made a datastore editor. You can use this plugin to remove the data that the GDPR is requesting to get removed. He has also made a tutorial if you don’t know how to use it.


IANAL, but it is HIGHLY unlikely you will be in any legal trouble for failing to delete this date. The worst case is that your account is terminated/wiped (in order for them to delete the data).

1 Like

Contacted Roblox support and they said I’d be subject to fines from the EU. :confused:

Read @iNoobe_yt’s comment.

You should remove the data, so you don’t get into any trouble.

You should NEVER ignore a GDPR request, this can actually result in you getting in-trouble for ignoring a request from Roblox. As @PMGDesigns mentioned, use a DataStore editor and put the UserId in there and wipe all Data, you could also make a script where you set their data to nil. But whatever you do, DO NOT ignore anything Roblox requests from you.


I wasn’t saying ignore it, I was saying thats what the majority of developers do. hence why I crossed it out.

There was no need to put it at all. Could you edit it out?

1 Like

You still recommended them to ignore it in the first place, you shouldn’t cross it out, delete it from there as an entirety. This is terrible advice, and can get the user terminated.


It seems that a lot of developers probably ignore these requests due to the fact that they are quite difficult to actually comply with.

Any developer who has created dozens, or in many cases hundreds, of games, is going to have an incredibly difficult time finding the “needle in the haystack” that is the single ominous user ID that we are provided with within a DataStore across one of our many games.

I feel like many of us who would like to comply with these requests are deterred by the challenge of doing so.

I’ve created this feature request asking Roblox to provide us with more information regarding the requests, making them actually possible to comply with.


This mostly covers publicly available data. If you have something that any player can obtain, like a player’s high score, then you should erase that data; otherwise, you can somewhat ignore it. All you need to do is remove any associations to this player’s ID in your datastores (or other services if you used them). Any mentions of their profile name is not an issue as it is erased with their account, thus having no connection to them.

It is still better to erase all data if possible.

GDPR covers everything. Delete all the information you have on the user.


I’m saying that, while it covers all data, it’s not the biggest issue if some of it isn’t accessible. If you can’t access it, then you should ask support for help. If they can’t access it, then I doubt anyone can.

This doesn’t solve the issue, but makes it highly unlikely that you will get into trouble. Roblox should make a permanently pinned announcement for programmers to implement a system for automatic erasure in their data storage.

Oh, I misunderstood, but you are correct.
You can only delete what you have the ability to access, if you don’t have the access to delete something there is no way Roblox can expect you to contact support every single time they send you a GDPR message to get them to delete parts of the data.

If you can delete all of it, do it.
If you can’t, then just delete what you can.

If you get bored and want to read up on GDPR’s actual scope the Information Commissioners Office has a page for you.