It’s been some time since the GDPR went into effect, and hopefully every employee who handles the personal data of EU residents has gone through the proper training. So … now what?

Can you answer “yes” to each of these questions?

  • If your marketing team launches a campaign three months from now, will they remember the GDPR’s requirements for consent?
  • If a data breach occurs next March, will your IT team recall the GDPR-mandated actions and be able to execute them within 72 hours?
  • If an EU resident contacts your call center a year from now and requests erasure of all her personal data, will the customer service rep remember exactly what to do?

If not, your data privacy training may be incomplete.

Why traditional training is just the beginning

To get your organization ready for the GDPR, you probably conducted a seminar, workshop, or training series. When your people walked out (or logged out) of the event, they likely remembered a good portion of what they learned. But studies show that after training, a phenomenon psychologists call “the forgetting curve” sets in.

According to the forgetting curve (based on the research of psychologist Hermann Ebbinghaus) attendees start forgetting the material just a few hours after training ends. Within a month, almost 80 percent of what they learned is gone from memory … unless they receive some kind of training reinforcement.

Enter gamification

So, how do you make sure employees retain their GDPR learning, without bombarding them with reminders or interrupting their schedules with more time-consuming training? Enter gamification.

“Learning without daily reinforcement is not learning at all,” says Robert Feeney, CEO of training reinforcement app provider Ringorang. “By creating micro-learning ‘chunks’ and adding light gamification, businesses can reinforce training on a daily basis. It takes just a few minutes of employees’ time and engages them in a way that’s fun — like a daily quiz show, but on a serious subject: your content.”

According to Ringorang’s data, one month after training, gamification delivers an average recall rate of 84 percent — a major improvement over the typical rate of 21 percent that the forgetting curve shows.

Let the learning begin

In our recent webinar, “Game On! Gamification: How to Make GDPR Training Fun… and Effective,” we explored how gamification fills the gaps in your GDPR training and helps employees use what they learn to develop new habits. We explored where businesses are today with GDPR training, why the standard approach to training reinforcement may not be working as well as they’d hoped, and how gamification can fill the gaps.

Now that the GDPR is in force, chances are your staff has received the training they need to keep your organization in line with the new requirements. Can you be certain that they’ll know what to do if, say, a customer calls to exercise her right to be forgotten under the GDPR…six months from now?

Traditionally, organizations have attempted to reinforce training with emails, e-learning, and playbooks, with mixed results. By leveraging gamification, businesses can reinforce GDPR training on a daily basis, in a format that’s fun and engaging for employees. Training games take less than 4 minutes a day, and because they’re non-intrusive, they won’t conflict with meetings or other obligations.

When it comes to data privacy training, the real goal isn’t delivering information — it’s changing behaviors.

Like what you see?

Paul Lee

Ethan Silvers is a Senior Director at Logic20/20.

Author