The way we handle data — metadata only, pseudonymised throughout, group-level outputs, no content access — is materially less intrusive than conventional alternatives. And what 'group-level' means depends on organizational size
| DPO concern | How we address it |
|---|---|
| Individuals can be identified | We hold no re-identification key — that stays with the client. All outputs use pseudonymous IDs only |
| Data used for performance assessment | No individual is named, scored, or ranked. Outputs describe organisational topology, not individual behaviour |
| Purpose not proportionate to data collected | Organisational design is a defined, bounded, time-limited purpose. We process only the metadata the question requires |
| Risk profile vs. conventional alternatives | Interviews, surveys, and management assessments all involve named individuals being observed or evaluated. We use aggregated, pseudonymised metadata. Lower exposure by design |
| Employee rights not properly considered | We assist DPOs in confirming that employee notifications and LIA and DPIA assessments are completed before any processing begins |
In a larger organization — typically above 200 people — groups of ten or more are genuinely anonymous. Individual identification from a group metric is not structurally possible
In a smaller organization — under approximately 200 people — group-level outputs can still allow identification by elimination. This difference directly affects how engagements are scoped and what the DPO conversation looks like
We apply our full output model. Findings are delivered at group level with minimum group sizes of ten (k≥10) enforced across all outputs. Three output configurations are available:
The output model is adjusted to reflect higher re-identification risk. We work with the client and their DPO to agree an approach that is analytically fit for purpose and consistent with their data protection obligations
We are direct with clients when a proposed scope would not meet our privacy standards. If the analysis cannot be conducted in a genuinely privacy-safe way, we say so
A plain-English explanation of what HumanDynamics analyses about you, what we never access, and what your rights are
Employee Data & Privacy →Full documentation of lawful basis, output approaches, jurisdiction guidance, and employee rights. Request our DPO Reference Guide
Request DPO Reference →Privacy questions specific to an engagement or portfolio company? We are happy to walk through the privacy architecture directly
Contact us →We respond to all privacy enquiries within five working days
Contact us