NGAGE Intelligence Analytics products only process non-sensitive employee personal information that already exists within an organization: typically, but not exclusively, that’s the data held in Active Directory or Azure Active Directory.
There is an argument that, in the context of GDPR and EU/EEA based employees, there is a ‘Legitimate Interest’ in processing this same personal information for the purposes of Intranet/Portal Analytics.
However, as with all things GDPR, nothing has been tested in law. And NGAGE Intelligence, Inc. categorically does not offer advice in this area. Instead it ships with a set of GDPR Compliance/Privacy features that can be configured to be coherent with your policies – whatever they may be and however they evolve over time. Specifically:
- You can control the visibility of a Consent Manager
- For example, you may only want it pushed to employees associated with offices based in the EU/EEA.
- You can edit the Consent Manager
- to inform employees of your Purpose in Processing their Personal Information in this context
- You can define ‘Anonymity
- In NGAGE Administration you can choose to only hide/pseudonymise specific AD fields in Analytics reports – for example User Names and Email Addresses. In this scenario, if there were a business requirement, it would be possible to infer or otherwise identify a specific user and their behavior.
- Or you can render a user completely and permanently ‘Unknown’ by not allowing, at source, NGAGE to capture and process some or all their Personal Information.
- You can apply either form of Anonymity (or No Anonymity) at Organization level or by User Office Location
- With either form of Anonymity NGAGE will still provide complete Unique User counts.