Learn about GDPR the fun way. Play our snakes & ladders game
Europe has led the way with adoption of the General Data Protection Regulation to protect Europeans’ data from hackers and those who have access to the world’s most sophisticated data surveillance apparatus. Now, it has to enforce it. The game below captures key aspects of the GDPR and what companies and agencies need to do. Learn how to avoid penalties and protect European data. Grab your colleagues and play.

Don't have time to view it now? Download the PDF

Europe has led the way with adoption of the General Data Protection Regulation to protect Europeans’ data from hackers and those who have access to the world’s most sophisticated data surveillance apparatus. Now, it has to enforce it. The game below captures key aspects of the GDPR and what companies and agencies need to do. Learn how to avoid penalties and protect European data. Grab your colleagues and play.




































































1
Starting position
Zettabox offers companies the most advanced European platform for file-sharing and team-work built to anticipate upcoming European regulations designed to ensure the privacy of data, including data protection and the right to be forgotten.
2
"With Zettabox your content is safe from cybercriminals and foreign government intervention. Your data belongs to you, and you maintain all rights to data stored."
3
Good start!
You’re up and running. You’ve begun to educate your team about the basic requirements of the new GDPR. You are ahead in the game because you know that all companies serving European consumers have to comply – no matter where their headquarters happen to be.
4
82% of businesses say privacy laws are a top concern for them when choosing where to store data?
6
Fantastic!
Your company’s data is in an electronic format that can be securely moved if necessary. You haven’t “locked” your customers’ data into a single provider’s set of applications and you’ve transferred important data to secure locations.
Easy! You can use the Zettabox Geo-Tool to place your data in specific European locations.
7
The Court of Justice of the European Union has declared that the US is NOT a safe harbour and does not provide an adequate level of data protection.
Source: http://curia.europa.eu/jcms/upload/docs/application/pdf/2015-10/cp150117en.pdf
8
Oh no!
Your company has not appointed an independent Data Protection Officer.
9
81% of the world’s data is stored in the EU and US
10
Good start!
You’re up and running. You’ve begun to educate your team about the basic requirements of the new GDPR. You are ahead in the game because you know that all companies serving European consumers have to comply – no matter where their headquarters happen to be.
11
The EU generates more than 1.5x the total amount of data than the US, but the US stores nearly 2x more data.
12
Damnation!
You thought because you were American, with your headquarters in the US, that you were exempt from the law.
Watch your step: you could face fines from 2% to 4% of your gross revenues globally.
14
Excellent!
You’ve taken the steps to ensure that all your data is encrypted.
Zettabox encrypts data at rest and in transit.
15
The EU has the highest level of data protection standards in the world including communications, privacy and data protection.
16
Awesome!
You put in place a system to verify that the apps you develop are GDPR compliant, just like Zettabox.
Zettabox is built with protection by design to guarantee compliance.
17
Only 22% of EU citizens have full trust in Internet companies such as search engines, social networking sites and e-mail services.
18
Fantastic!
Your company’s data is in an electronic format that can be securely moved if necessary. You haven’t “locked” your customers’ data into a single provider’s set of applications and you’ve transferred important data to secure locations.
Easy! You can use the Zettabox Geo-Tool to place your data in specific European locations.
19
4000 businesses in Europe used Safe Harbour to store data in the USA. Was yours one them?
20
Whoops!
You haven’t updated your breach policy and detection methods.
And NOW you’ve suffered a data breach and forgot to inform your customers within 24 hours. You’ve earned a bad reputation for handling customer data!
21
Awesome!
You put in place a system to verify that the apps you develop are GDPR compliant, just like Zettabox.
Zettabox is built with protection by design to guarantee compliance.
22
Wow!
You’ve successfully moved your data, and you really know who has access to it.
Zettabox provides a dashboard with increased controls for management of content within teams.
23
Excellent!
You’ve taken the steps to ensure that all your data is encrypted.
Zettabox encrypts data at rest and in transit.
24
Service providers should be required to explicitly ask your permission to use your data.
25
Grrrr!
You chose not to use a European cloud storage provider and will now have to move your data again…
Should have gone to Zettabox!
27
Wow!
You’ve successfully moved your data, and you really know who has access to it.
Zettabox provides a dashboard with increased controls for management of content within teams.
28
Great!
You’ve informed your customers of their ‘Right to be forgotten’! Don’t forget to include an app that helps them exercise that right with data they’ve shared with you.
When you exercise the ‘Right to be Forgotten’ within your Zettabox account, all files are permanently deleted and no residual storage is left on our servers.
29
Can you easily erase your data completely without worrying it could pop up elsewhere?
Source: http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf
31
How embarrassing!
You know whose data you’ve got, but you haven’t got their consent to have it. Now you have to ask for their retrospective consent.
32
Great!
You’ve informed your customers of their ‘Right to be forgotten’! Don’t forget to include an app that helps them exercise that right with data they’ve shared with you.
When you exercise the ‘Right to be Forgotten’ within your Zettabox account, all files are permanently deleted and no residual storage is left on our servers.
33
Did you know by 2018, there will be 2 billion personal cloud storage users worldwide?
33
81% of businesses want to know exactly where their data is hosted.
35
Aargh!
No one knows exactly where the company’s cloud data is and how it is backed up. Maybe it’s on servers hosted in the US, where a lot of other European data ends up.
Zettabox is the first pan-European solution for cloud storage and collaboration with sites across the EU.
36
Thanks for playing!
We hope you enjoyed learning about about GDPR compliance.
For more information, click through to these related articles:







Playing instructions:
Snakes and Ladders is an ancient board game that's become a worldwide classic.
Climb the ladders to become the company hero and be GDPR compliant. Avoid the snakes. Their bite could mean your company paying large penalties.
Play with 2 or more players (preferably with your senior managers :) ).
You will need a dice and counters
- Roll the dice.
- Move your counter that number of spaces.
- If you land on a snakehead, oops. You fall down to its tail. If you land on the bottom of a ladder, congrats! You climb up.
- The first to make it to the last square on the board is now GDPR compliant and the winner!
We made this a game, to help your team better understand the most important aspects of the GDPR.
Good Luck!
