Could you escape….The Breach?

Breakout games have become more and more popular with over 70 in the UK alone. What if we could bring an escape room into Welsh Water as part of our campaign to raise awareness of the General Data Protection Regulation (GDPR)?

We knew that to really embed GDPR and create a culture of data privacy by design into the organisation we needed to focus on internal communications and engaging colleagues. GDPR is much more than introducing new policies and procedures, it’s about behaviors, knowledge and a culture where it is safe to question and challenge. Recognising this we had already created a consolidated campaign covering communications, training and business change as we worked closely with business areas to understand the impact of the new regulations.

We tackled the campaign in three phases, initially focusing on awareness, then tailoring our messages and finally thinking about reinforcement and embedding change beyond 25 May.

Defining a purpose

Linking the campaign to Welsh Water’s vision of earning the trust of customers every day was key and we knew we needed to find a way to engage colleagues and bring the subject to life.

And so Welsh Water’s pop up escape room was born, but this wasn’t about creating a gimmick for the hell of it, it was about enhancing our campaign objectives with specific aims for the room itself including:

• consolidating the eLearning and face to face training that had already taken place
• reinforcing organisation wide messaging on key elements of GDPR such as identifying a data breach, how to store personal information securely and understanding individual rights
• helping colleagues understand GDPR in the context of the Welsh Water working environment
• raising the profile of Welsh Water’s Data Protection Officer
• creating a fun, engaging and memorable activity to raise the profile of data protection

Getting started

A couple of us had tackled escape rooms before so we understood the concept, but creating our own and making it as ‘real’ as possible within the constraints of a corporate environment was a different thing! But after a couple of sessions bouncing ideas around we had the shape and content of our very own escape room.

We created a fully interactive experience in which colleagues had 30 minutes to work in teams of 2 – 5 people to find the potential information breaches and stop Welsh Water having to notify a breach to the Information Commissioner’s Office and the customer.

The idea was to test their knowledge of data protection and their ability to work as a team. To escape the Breach. Those who did stood the chance of becoming the overall winners of the Welsh Water GDPR Escape Room!

Collaboration and execution

Fast forward to 22 May and we were stood in front of The Breach. Using Welsh Water’s in house designer we had a brand, thanks to help from facilities we had a room that looked as ‘real’ as any escape room I had been to and we had created four challenging tasks including a computer based puzzle coded by a colleague’s 13 year old son! We brought in the props we needed and Eventbrite proved to be the ideal means of managing bookings that were sold out in 3 hours.

Can you escape ‘The Breach?’

We used the programme team as guinea pigs to make sure the challenges worked and we were good to go.  Over four days 39 teams took the challenge and 31 escaped the breach! Sat in on the room as an observer (and giver of clues when the teams got stuck!) it was great to hear conversations on how to avoid data breaches, what constitutes a secure means of storage and which individual rights our fictional customer, Mrs Smith of Dwr Town, had exercised.

Learning through fun!

Feedback has been unanimously positive and included:

‘In 15 years of working here I’ve never had so much fun learning – what a brilliant way to get messages to stick’

‘That was harder than some of the escape rooms I’ve done, but really got the messages across’

‘Team working and learning in one fun experience – brilliant!’

Let’s be honest, data protection isn’t always the most exciting of topics and engaging people on it wasn’t helped by the onslaught of GDPR emails we were all receiving in the run up to 25 May. That made seeing GDPR brought to life for colleagues even better and it is clear that there is an appetite for new ways of learning. The GDPR Escape Room concept really struck a chord and as a lover of internal comms and all it can achieve, that was music to my ears.