If they know it's personal data and handle it accordingly it might be ok.
What if the user submits personal data without being expected to? For example, I have to enter a nickname on online game before starting to play, what if my nickname is my full name and home address? Now they unknowingly store PII without a privacy policy. What should the company do in this case?
What if the user submits personal data without being expected to? For example, I have to enter a nickname on online game before starting to play, what if my nickname is my full name and home address? Now they unknowingly store PII without a privacy policy. What should the company do in this case?