This document describes a GDPR learning game that can be deployed by organizations to drive GDPR awareness. The game takes 20 minutes to complete and places GDPR content into a familiar board game structure. It combines learning and testing to introduce key GDPR concepts and principles in an engaging way. Developing the customized game takes about 8 weeks. The game helps ensure all staff understand personal data protection under GDPR and provides evidence of training to regulators.

1. GDPR learning game
An easy-to-deploy solution for driving
GDPR awareness throughout your
organisation.

2. 14/11/2017
It’s time to act!
On 25th May 2018, the GDPR changes come
into force.
The General Protection Data Regulation, or
GDPR as it’s more commonly known,
represents a significant change in how data
will be handled around the world
It’s on every CEO’s agenda. Why?
Not only does non-compliance have the
potential to result in hefty fines for breaches,
there is also serious reputational risk if an
organisation is deemed to demonstrate poor
practices in the eyes of its customers.

3. 14/11/2017 3
Lumesse Learning is already helping
organisations de-mystify GDPR.
Clients are using our ready-to-go
compliance game framework, and
together, we are populating it with
relevant GDPR content that will:
• Help all colleagues understand
the key principles of personal
data protection under GDPR
• Explain good data protection
practices
• Provide the regulator with
evidence that you have trained
all your staff in GDPR.
So why are you
reading this?

4. Our solution
In collaboration with our
clients, we place GDPR content
into a 20-minute learning
experience based on a familiar
board game structure.
The module combines the
learning and testing into one
experience, meaning:
• This approach reduces seat
time and focuses learners on
key messages and actions
• It also provides a clear and
concise introduction to
GDPR, and positions its
application in practical
situations that everyone can
relate to.
4

5. “Two-in-three organisations now take
time up front to make compliance
learning materials as engaging and
memorable as possible.”
“…38% are using games and simulations.”
Towards Maturity report: Excellence in Compliance Training
Why a game?
5

6. • Because this product and its
technical framework and
mechanics already exist,
project timelines are reduced
and May is just around the
corner
• It roots the learning in
dilemmas and scenarios
• Learners get to build and
apply their understanding of
the content
• The game provides a proven
approach for tracking scores
and reporting on
completion/non completion on
learning management systems
• It is enabled for tablets
• It has been fully designed for
future translations.
Further
rationale
6

7. Game overview
Upon launching the game, learners are provided
with a short explanation of what they need to
do and why. Key aspects of the game are:
 Learners travel the world and face typical
scenarios about GDPR and personal data
protection
 They have to answer questions and try to get
them right to complete the game
 If they get questions wrong, they have to
seek help from the Global Data Protection
Team
 Along the way, they take advice from the
Chief Privacy Officer and find out the latest
news from the regulator
 A colleague also chips in with questions
 When learners complete the game
successfully, they are GDPR Champions!
7

8. 8
Key elements
of the game
START
Intro to the
module
How to play
the game
Scenario:
Reporting
incidents
Colleague
Asks
Q
NEWSFLASH
Q1
Q2 Content
Global
DP Team
Q3
Scenario
introduction –
your boss has a
business
problem you
need to
address.
Sometimes, your
colleague asks
you a snap
question relevant
to GDPR.
You’ll also sometimes
get a news story from
the regulator pop-up
on your mobile phone.
Chief Privacy Officer
briefs you on the key
concepts.
3x questions on
the scenario.
Score points if
you get a Q right
first time.
See the
Global DP
Team if
you get a
Q wrong.
These are
randomised
questions about
consequences of
breaches. These are
not scored but you
must answer
correctly to
continue in the
game.
This Q is
not scored.
SCORE: The 12
scenario questions
are scored.
Achieve an overall
score of 80% to
become a GDPR
Champion.
8

9. Game intro screens
9

10. Learners move round the board
and answer scenario questions at
each stopping point.
They always get the chance to
view guidance from the Chief
Privacy Officer – this is essentially
the learning required in order to
answer the questions correctly.
A badge is added to the place on
the board when learners get a
question right.
The ‘Introduction’ and ‘How To
Play The Game’ areas are always
available.
Progress is also shown by the
percentage score presented in the
bottom left area.
The game board
10

11. Question vs guidance
Having read the background to a
scenario, learners are then presented
with the chance to answer a question.
However, they always have the option
to ‘Ask Nisha’ first before answering.
Selecting Nisha opens a new screen
which presents background learning to
help answer the question. Learners
then return to the question screen.
If they answer it correctly, learners
receive their badge and move on to
the next step on the board – the score
will also improve.
If they answer incorrectly, they got to
see the Global DP Team. They need to
answer a question from the team
correctly to get back to the game.
11

12. Question vs guidance
12

13. Other game
elements
During the game, alerts will appear
on the phone at certain points.
Colleague Asks – This is your
colleague asking you snap questions
about GDPR and personal data
protection. Answer correctly to
continue the game (these questions
are not scored).
Newsflash – The Privacy Regulator
sends you current, relevant news
stories relating to personal data
protection breaches.
An example of this from another
client’s version of the game is
shown here.
13

14. 14
The game structure
START
Intro to the
module
Scenario 2:
e.g. Key
GDPR
Principles
How to play
the game
Scenario 1:
e.g.
Recognising
personal data
Colleague
Asks
Scenario 3:
e.g. Rights of
individuals
Scenario 4:
e.g. Good
handling
practices
Q1
Q2 Content
Global
DP
Team
ResultsNEWSFLASH
Q
Colleague
Asks
Q3
Q1
Q2 ContentGlobal
DP Team
Q3
NEWSFLASH
Q
Colleague
Asks
Q Q1
Q2 ContentGlobal DP
Team
Q3
NEWSFLASH
Q1
Q2 ContentGlobal DP
Team
Q3

15. Kick off
Technical Specification
Design Workshop
Concept Breakdown
Wireframe version 1
Wireframe version 2
Art Direction
Production
Alpha release
Beta release
Final release
End-to-end testing
Go live
Week 1 Week 2 Week 3 Week 4 Week 5 Week 6 Week 7 Week 8
How long does it take to build?
This project typically takes around 8 weeks to deliver. Note that this is also dependent on availability of your stakeholders for key review dates.

16. 14/11/2017 16
• A laptop or tablet
• Browser versions of Internet Explorer 11,
Chrome or Firefox
• Access to a learning management system
that runs SCORM 1.2 packages
• That’s it!
What do you need
tech-wise?

17. Like what you see?
CONTACT
Carl Crisostomo
Key Account Manager
carl.crisostomo@lumesse.com
www.lumesse.com
If you want to see the game framework in
action, simply get in touch.
All we need from you to get your game up
and running is a budget and a content
expert to help us populate the game with
your take on GDPR in your organisation.
Our learning designers and games team will
take care of the rest.