GDPR Compliance

NGAGE can be easily configured to align with your GDPR/Privacy Policy.

NGAGE Intelligence Analytics products only process non-sensitive employee personal information that already exists within an organization: typically, but not exclusively, that’s the data held in Active Directory or Azure Active Directory.

There is an argument that, in the context of GDPR and EU/EEA based employees, there is a ‘Legitimate Interest’ in processing this same personal information for the purposes of Intranet/Portal Analytics.

The General Data Protection Regulation ("GDPR") is a regulation in EU law on data protection and privacy for all individual citizens of the European Union (EU) and the European Economic Area (EEA). The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying associated regulations within the EU. The regulation applies to an enterprise established in the EU/EEA or, regardless of its location and the data subjects' citizenship, that is processing the personal information of data subjects inside the EU/EEA. Breaches of the regulation could lead to significant penalties and reputational damage.

However, as with all things GDPR, nothing has been tested in law. And NGAGE Intelligence, Inc. categorically does not offer advice in this area. Instead it ships with a set of GDPR Compliance/Privacy features that can be configured to be coherent with your policies - whatever they may be and however they evolve over time. Specifically:

  1. You can control the visibility of a Consent Manager
    • For example, you may only want it pushed to employees associated with offices based in the EU/EEA.
  2. You can edit the Consent Manager
    • to inform employees of your Purpose in Processing their Personal Information in this context
    • to confirm the user’s Right of Access, Right of Erasure and any other important aspects of your Privacy Policy
  3. You can define ‘Anonymity
    • In NGAGE Administration you can choose to only hide/pseudonymise specific AD fields in Analytics reports – for example User Names and Email Addresses. In this scenario, if there were a business requirement, it would be possible to infer or otherwise identify a specific user and their behavior.
    • Or you can render a user completely and permanently ‘Unknown’ by not allowing, at source, NGAGE to capture and process some or all their Personal Information.
    • You can apply either form of Anonymity (or No Anonymity) at Organization level or by User Office Location
    • With either form of Anonymity NGAGE will still provide complete Unique User counts.