The 9 best GDPR training games for employees

GDPR training games are a great tool to make sure your employees understand the ins and outs of GDPR. Below, we have collected the best GDPR training games for employees.

1. Guardey: Duolingo for security awareness

Guardey uses gamification to make security awareness training fun. During weekly challenges that take 3 minutes to complete, users learn about topics such as GDPR, malware, phishing, and other important privacy and security-related topics.

Guardey was built on the same principles as Duolingo, using gamification to keep users engaged during training:

• A leaderboard to promote friendly competition
• Achievements to reward users for good performance
• A compelling storyline to place the game in a more realistic context
• Hot streaks to reward regular learning

Pros:

• Easy to set up
• Not time-consuming
• Can be used for long-term training and awareness
• Offers best-in-class gamification

Cons:

• Doesn’t use video, which can be a con for some organizations

Start a 14-day free Guardey trial

2. GDPR Hero Compliance Challenge

Skillcast’s GDPR Hero Compliance Challenge is a GDPR awareness quiz game for mobile and browser featuring 10-question quizzes. Players begin with five lives, giving them five opportunities to complete the game and become a GDPR hero. Each question requires a simple binary response — yes or no, can or can’t, etc., with players winning 10 points for each correct answer.

For a wrong answer, the player is docked one point and loses a life. If the player feels especially confident, they can choose to bet some of their points on the answer for the chance to earn extra points.

Players need 100 points to win, out of a possible 330. The simple gameplay and binary answer format make this an appealing way to gauge a user’s GDPR knowledge. Because the number of points needed to win is quite low as compared to the highest available score, players can make numerous mistakes and still win. This could create a false sense of security rather than encouraging less successful players to brush up on their knowledge.

Pros:

• Simple gameplay.
• Clear questions and answers.
• Free.

Cons:

• Very bare-bones and not particularly engrossing.
• Some images are broken in the browser version.
• Answers aren’t explained, and no training is provided.

3. Data Protection Game

The Data Protection Game from Archimede Solutions is a card game for two or more players. Players are presented with scenarios relating to GDPR and asked a question about the situation, with two possible responses. The game can be played either with physical question cards or online in the browser. The scenarios are realistic and help to highlight specific areas of GDPR compliance. The back of each card supplies the correct answer, along with a clear explanation of the relevant GDPR article.

Because the information is in-depth and relates directly to regulatory requirements, rather than offering a simple right or wrong, this game provides additional training value when compared to more simplistic products. Games take between 10 and 60 minutes to complete, which could make it difficult to fit into a working day. Most people can spare 10 or 20 minutes, but giving up a full hour might be intrusive — particularly if multiple employees are playing together.

Pros:

• Free browser game.
• Free cards (as downloadable PDFs).
• Can be played in person as a team-building exercise.
• Realistic scenarios.
• Answers are explained, providing teaching as well as testing.

Cons:

• Games can potentially be time-consuming (up to one hour).

4. Data Protection by Vinci Works

Data Protection is a browser-based GDPR awareness quiz game. Players take on the role of a new CEO at the fictional DataCorp company. They must make strategic decisions that balance the interests of shareholders with GDPR requirements. For example, could a list of customers who’ve agreed to be contacted by email be used for a telephone campaign? Should data collection be automatic or require customers to opt in? What are the regulatory implications of cloud storage outside the EU? When does privacy take precedence over potential sales?

Gameplay is not complicated: players are presented with a scenario and must choose from two or more responses. They’ll then be told about the outcome of their choice and what mistakes they may have made. If they’ve chosen wisely, DataCorp will see a boost in its share price. Unwise choices can drop the share price and bring down the ire of regulators.

The questions are fairly sophisticated and aimed at those a little higher up in the company hierarchy, but the game will be relevant to all employees whose work might require GDPR awareness.

Pros:

• Thought-provoking and engaging.
• Real-world scenarios make the game more relevant and informative.
• Detailed answers outline the possible consequences of flouting regulations.
• Great for CEOs and those involved in making significant decisions about customers’ data.
• Free to play the demo version.
• Quick to complete.

Cons:

• Limited general relevance.
• The demo only includes a handful of questions.

5. GDPR Sorted

GDPR Sorted from game developer Sponge is a more sophisticated GDPR awareness quiz game than some others on the market. It features level progression and much more visual engagement than similar products. GDPR Sorted can be hosted on an organization’s own learning management system (LMS) or played as part of Sponge’s own LMS, Spark.

The game is optimized for mobile play and will perform well on a range of platforms, including phones, tablets and desktops. Gameplay is based around realistic scenarios that will be relevant to players’ working lives. There are over 150 questions, along with feedback and additional information.

Pros:

• Highly engaging and visually appealing.
• Slick game design from a specialist company.
• Training and testing and evaluation.

Cons:

• Requires Spark or another LMS for deployment.
• Only one free level.

6. Sectricity

Sectricity is a security awareness provider that offer ethical hacking and training services. They created the GDPR Awareness Games to assist end users with regulatory compliance, drawing upon their security expertise. GDPR Awareness Games use gameplay gleaned from popular games (Tetris, memory matching, etc) combined with texts, audio, video and quizzes. Answering questions correctly provides rewards like points, boosts and additional lives.

Players compete to earn the most points and gain the top spot on a leaderboard, creating an incentive to keep playing and do well in quizzes. The game is constantly being expanded with new material and administrators have the option to add their own questions, ensuring that it will always be relevant. The GDPR Awareness Games can be used alone or alongside other training programs, such as an e-learning module from Sectricity.

Pros:

• More fun than the average GDPR training game.
• Wide range of subjects.
• Can be expanded and customized with additional questions and topics.
• Mobile optimized.

Cons:

• Not free.
• Licenses are only available for limited time periods.

7. Gamabu

Gamabu’s GDPR Challenge is an interactive role-playing GDPR training game. Players take on the role of an investigator at a fictional company, assisting the DPO in finding out where the leaks originate and preparing colleagues for a regulatory visit. This engaging format helps to create a more immersive GDPR game.

Players receive plenty of feedback and information, making for more effective training. GDPR Challenge is easy to deploy, connecting to your existing LMS or single sign-on (SSO). Rules and GDPR game material can be customized to an organization’s specific requirements, and users’ learning progress can be tracked from a central dashboard.

Pros:

• Immersive and engaging.
• Customizable.
• Can be connected to your LMS or SSO.

Cons:

• Not free.
• Additional costs for customization and other features.

8. Databoss

Databoss is a strategic GDPR game from Dutch developers Inventive Games. Although it’s aimed at adults, the developers state that this GDPR training game is suitable for ages eight and up. In each game, two to five players must try to collect data and protect it from other players. Data cards can be taken from the cloud (a shared stack simulating cloud storage) or taken from other players using tactics based on real data-handling issues.

Cards are physical, allowing for a social and team-building element to the gameplay. Databoss card packs are priced at a fairly modest 22.95 Euros, with a discount for larger orders. Packs can be customized with your company logo or other elements, as well as unique instructions and characters. This can help make the game more relevant and instructive for players. Inventive Games also offers training classes that can be tied into the game.

Pros:

• Physical card games promote social connections.
• Engaging and informative.
• Customizable with company logos and additional elements.
• Reasonably priced.

Cons:

• Requires players to be on-site for games to take place.
• Training sessions are expensive.

9. GDPR Board Game

ISACA’s GDPR Board Game is a traditional “goose game” with a GDPR twist. Each player has a counter that they place on the board, rolling a die to see how many spaces they move forward. The square they land on determines their next action, which can include answering a GDPR-related question from the deck of question cards provided.

Some questions have a simple yes/no answer, while others require more in-depth responses. While it’s fun and engaging, the GDPR Board Game was produced in 2017 and more recent versions are not available. This can mean that some of the questions are a little dated, as regulations can change. Of course, it’s possible to expand the deck of question cards with additional topics.

Pros:

• A traditional board game with a familiar format.
• Fun and social.

Cons:

• Questions are no longer being updated; they may not reflect current regulations.
• Cannot be purchased from the developer (available through online outlets such as eBay).

Conclusion

Even though most people have heard about GDPR, many don’t know all of its implications for the businesses they work for and what it means for their responsibilities.

With the games above, your employees can learn all about the ins and outs of GDPR.

If you’re looking for a solution that trains your team on a wide range of security and privacy topics, including GDPR, consider using Guardey. You can now try it out for free during a 14-day trial, or talk to one of our experts for more information.

Experience Guardey today. Schedule a demo.