Table of contents of the article:
If you have the need to arrange a online sweepstakes you may probably be tempted to create a website and convey it with advertising on the main social channels or through newsletters to your contacts or customers.
Be careful though, arrange a competition with prizes on the internet it is not an operation without bureaucracy and quibbles and attempting the “do-it-yourself” path by improvising as a specialist is not free from risks and administrative repercussions with very high fines.
Online prize competition according to the MISE.
As stated and reported in the reference legislation on the website of the Ministry of Economic Development (MISE):
For all competitions that began on or after August 25, 2010, the obligation to notify the Ministry at least 15 days before the start date of the prize event comes into force. Therefore, if a contest started on August 25, 2010, the communication had to be sent by August 10, 2010. If it starts, for example, on August 25, 2011, it must be sent by August 10, 2011.
The Prize Events Division (X °) of the General Directorate for the market, competition, consumer, supervision and technical regulations deals with the matter.
The Division carries out the following activities:
- Support for regulatory, interpretative and guidance activities on the matter
- Control functions on the correct course of events
- In case of violations, adoption of administrative sanctions (disqualification and pecuniary)
Those who intend to organize a prize event (competitions - operations) will find in this section a virtual support to orient themselves in the procedures: all the info on the procedures.
https://www.mise.gov.it/index.php/it/component/content/article?id=2016511
Referring to appropriate sources such as this article well written, inherently all the legal obligations in the case of a competition with prizes not exempt from obligations, there are purely technical aspects inherent to hosting and hosting provider services that must be taken into consideration in order to have a system that complies with the requirements of the ministry.
Hosting for prize competition
Adequate hosting for an online competition is necessarily based on compliance with some "simple" technological requirements that must be respected in order to be able to emerge unscathed both from a possible assessment by the competent authority and from any problems arising with participants in the game. prizes itself that for any reason, even the most trivial, senseless and unfounded possible, can open a dispute with relative verification of all bureaucratic and technological requirements.
But let's see what are the ideal requirements to be fully compliant if you decide to organize a prize contest.
Qualified Cloud PA / CSP hosting provider.
Although this item may be absolutely questionable from a bureaucratic and technological point of view, it is immediately obvious that organizing a prize competition on a certified and qualified hosting provider for the Public Administration, is immediately the best choice for what concerns the bureaucratic quibbles and itchy doubts about who questions whether or not your non-certified hosting provider is enabled.
For the management of this type of prize competitions for example, we of Managed Server we work exclusively with type C Cloud Service Providers (CSP), qualified by AgID to provide Cloud IaaS services to Public Administrations.
The qualification guarantees that the development and provision of these services are operated according to reliability and security criteria - established by AgID - considered necessary and suitable for the digital services of the PA.
Hosting CISPE Service Declared - Services adhering to the CISPE Code of Conduct for data protection
The Cloud services we have available and collaborate for prize competitions initiatives guarantee certified security and transparency for its users. These services are declared in accordance with the CISPE Code of Conduct - Cloud Infrastructure Services Provider Europe - and are identified by a hallmark that offers customers and citizens the freedom to store and process their data within the European Economic Area. Furthermore, the same brand guarantees that the cloud service provider does not access or use customer data for personal purposes, such as 'data mining', 'data profiling' or direct marketing.
Datacenter ISO 27001 certification
As already explained already in this article in which we explain why we only work with ISO 27001 certified datacenters, working with an ISO 27001 certified Datacenter means being able to count and have a collection of "best practices" that can be adopted to meet the requirements of the ISO 27001: 2005 standard in order to protect information resources; ISO 27001: 2005 is the regulatory certification document to which the organization must refer to build an Information Security Management System that can be certified by an independent body, while the ISO 27002: 2007 standard is not certifiable as it is a simple collection of recommendations.
Territoriality of the Datacenter on Italian soil
Although the territoriality of the Datacenter on Italian soil is an obsolete requirement given the European legislation that equates every European country, having territoriality on Italian soil is a requirement derived from having, as we have seen before, a type C Cloud Service Provider (CSP), qualified by AgID to provide Cloud IaaS services to Public Administrations.
From a purely practical point of view, having a certified datacenter on Italian soil avoids having to run into objections from MISE officials who could question the legitimacy of using a datacenter in another European member state.
Although not a de jure obligation, it is highly recommended de facto in order to avoid and avoid wrong interpretations and bureaucratic delays in the bud.
System level security implementation
At the system level, it is not enough just to have the possibility to operate on an Italian Datacenter with the highest certification standards, but also to be able to work in the Cloud instance in an absolutely safe way. At the system level, in fact, it will be necessary to set up a software configuration as secure as possible, using access control systems, strong alphanumeric passwords, services exposed to a minimum thanks to an adequate configuration and a prevention system such as firewall and IDS (Intrusion Detection System ).
At the filesystem level, a certification of file signatures with MD5 and SHA1 hashing of the customer's application will be produced and issued in the report document sent via PEC to protect the organizer of the prize competition.
Logging and data retention.
Both during the competition and after the competition has ended, we have the duty to log system data, connections and IP of visitors and to keep them with persistent duration. To protect everyone, even at the end of the competition, we carry out a dump of the logs, data and database, and we keep a copy of them for 5 years on secure and redundant data storage systems.
In this way, if there is a request from the judicial authority or a verification by the Guarantor, we will be able to show and demonstrate the conservation of the original data in full compliance with what is requested.
If you need to host your projects for online prize competitions, please contact us, we have relevant case studies and we are able to take care of all the inherent technological aspects in a professional and legally compliant way.
