ActivTrak Helps Global Company Meet GDPR Standards & Optimize Business Processes

A global SaaS company has more than 7,000 employees across 80+ countries, including France, Germany, Spain and the UK. The company has grown significantly through a mix of geographic expansions and acquisitions, resulting in many different systems and ways of working. But one thing is consistent across all its EU operations: the requirement to comply with the General Data Protection Regulation (GDPR).

If an employer introduces monitoring software that violates the GDPR, fines up to 20 million euros or 4% of the total worldwide annual turnover of the preceding financial year could be imposed.

While the 10 key requirements of GDPR are well-established, enforcement varies widely from country to country, with some being more proactive than others. In 2021, Spain led the EU in total number of fines, whereas Italy led in the total amount.¹ The company saw these trends across its own operations as well, with the UK generally having fewer concerns and France
being much more stringent.

1. Ilse Heine, 3 Years Later: An Analysis of GDPR Enforcement, Center for Strategic and International Studies, Sept. 13, 2021

When the pandemic hit, the company wanted to know which technologies its employees spent the most time using, and where to invest additional tools and training to support them. The company turned to ActivTrak’s workforce analytics to get the visibility it needed for business process and technology improvement efforts. The company’s top priorities were to maintain the privacy and security of employees’ data, and to be transparent about its intent. Preserving trust was of paramount importance, so it decided to proactively share the data it collected with employees.

ActivTrak’s built-in privacy and security controls allowed the company to carefully scope and limit the data it collected and shared via the application, and create custom views via integration with Tableau – maintaining critical GDPR compliance across its various EU operations.

Aggregated findings allowed teams and leaders to identify inefficient processes and underutilized applications used by different teams. Streamlining their technology usage allowed them to increase throughput and focus, as well as improve the way they served their customers.

The company took several steps to deploy ActivTrak in a GDPR-friendly way:

• Framed and communicated the program as “business process and technology improvement.” The deployment was focused on technology usage, so there was no reason to refer to words like “productivity” and “performance.”
• In the EU, employees, managers and execs only had access to data via Tableau — not the ActivTrak app — to limit access to curated, sanitized data only.
• In the US, managers were given limited access to the app based on their teams’ data and reports.
• Communications and training materials were localized for:
  • “Productivity and performance” tool in the US, Canada and Mexico.
  • “Business process and technology improvement” in the EU with an emphasis on the benefit for employees, e.g. tech usage, workflows, etc.