GDPR in Workshop
At Workshop, protecting employee data and ensuring privacy is a core part of how we build our product. We are fully compliant with the General Data Protection Regulation (GDPR) by default, meaning that:
-
Personal data is handled securely and transparently
-
Users’ data rights are respected, including access, deletion, and consent
-
Only necessary information is collected, and it's protected through secure systems and processes
To facilitate the best analytics experience possible given these constraints, Workshop's tracking generates random, unique IDs for email opens, link tracking, and survey responses. By default, these IDs can be associated with individual recipients, which allows internal communications teams to better understand employee engagement. However, this data remains secure and is only accessible within the Workshop platform based on role-based permissions.
We understand that privacy procedures can look different from one organization to another, especially when internal privacy policies go above and beyond standard regulatory requirements. For teams with these needs, Workshop offers an optional data anonymization setting that further limits the visibility of individual engagement data.
What Happens When You Enable the Optional Anonymization Setting
If your organization enables this setting:
-
All engagement data (like opens, clicks, and survey responses) are fully anonymized within the database
- Granular analytics are masked from the platform, inhibiting the ability to follow up with un-openers or un-clickers.
This setting is most useful for organizations operating under stricter internal compliance guidelines that require employee activity to remain completely anonymous. However, enabling it is not required to be GDPR compliant, as Workshop meets these standards either way.
If you're interested in enabling this optional GDPR setting for your organization, please reach out to us at sales@useworkshop.com.