To ensure our work with you complies with relevant legislation, such as UK GDPR, we embrace the principles of data protection by design and default in all our tools and processes.

Early on, we agree an initial mapping and analysis plan, then work with your compliance and IT teams to ensure only the minimum data is collected and processed. There are three main areas where the approach is tailored, with options driven by the type of analysis being undertaken.


For most projects, the data to be collected covers:

  • When and how employees have communicated (from pre-existing records)
  • Memberships of collaboration spaces (e.g. MS Teams)
  • Organisational reporting lines

We do NOT examine the content of any communication. We can also work with pseudonymised data.


We can undertake pseudonymisation on your behalf, ensuring that our analysis and deliverables contain no real personal information. For certain projects, reporting and analysis can be conducted in aggregate terms (data about individuals is removed completely). For example, an analysis of communication activity within and between office locations or sub-departments.


We destroy personal data once the analysis and reporting work has been completed and agreed. Where future or periodic measurement is agreed, we work with your compliance and security teams to agree what, how and by whom data should be retained for later comparisons.