+33 (0)2 43 53 18 81 info@shortways.com

Is GDPR compatible with DAP ?

This article applies to European rules with regards to GDPR. Please contact us to discuss whether it matches your country’s regulations.

In total in 2020, France rose to 1st place on the podium, but not the one we expected…

According to Finbold.com, more than 2 years after the introduction of the General Data Protection Regulation (GDPR) in the EU and the EEA, France is the European country having violated the regulation the most, and received the highest total fines.

With the evolution of marketing and commercial practices, more and more consumer data are collected, in particular so-called “sensitive” personal data, for many purposes: commercial prospecting, advertising targeting, subscription to newsletters, personal information during online shopping…

Employee personal data are also collected and stored by companies in their management software: in the HRIS for payroll management, TMS for career management, etc.

It is therefore necessary to control and regulate the use of these data.

Personal data rights have therefore been established for these purposes to help users assert their rights in the event of problems.

According to the CNIL (European National Commission for Computing and Liberties), you have 9 rights that can be exercised with the organizations that use your data:

  • right of information: to know how your data is used
  • right of opposition: to oppose the use of your data
  • right of access: to obtain and verify the data that an organization has on you
  • right of rectification: to rectify the information that an organization holds about you
  • right to erasure: to delete data about you
  • right to delisting: to no longer associate your identity with content visible in a search engine
  • right to portability: to obtain and transmit / store a copy of your data for other purposes
  • right to data limitation: to temporarily freeze the use of your data
  • right related to profiling: to trace your profiling, to object to it and to request human intervention in an automated decision about you

Although Artificial Intelligence and Machine Learning are developing, and many benefits tend to be recognized (such as the time savings brought by the automation of certain tasks), according to a study by Oracle and Future Workplace, “The concerns regarding the complexity of AI technology, as well as data security and privacy, are the main barriers to wider adoption of the technology.”

Thus, 71% of employees say they do not use AI at work because of their concerns about security.

According to another JLL study:

64% of employees want to have control over their personal data (rectification, deletion, etc.)

54% require assurance that their data remain anonymous for their manager and employer

43% demand transparency on the purposes for which their data are collected

It is therefore very important for employees that their companies respect the rules regarding the security of their personal data, and that the AI ​​is not too proactive in using their data to offer content based on their behaviours, in particular on their business applications.

But then how to reconcile collection and effective use of personal data, especially when it comes to adapting training on business tools according to user profiles?

If you want to adapt your user support system to your business tools, digital adoption platforms are a digital training solution that allows you to display contextualized training content and adapted, directly integrated into the software.

This content can be targeted using “tags” to segment your users and target training content by profile, language, screen used: a step-by-step to accompany your employee during his first absence request entry, contextual help may be available to define business terms for your finance employee in its ERP, a notification bubble may appear on the screen of your managers or HR employees to announce the start of the annual interview campaign period, …

However, although data is manipulated, the Shortways digital adoption platform is not intrusive. It complies with data protection requirements, and we will explain why:


  • First of all, the integration of our digital adoption platform is not intrusive: we do not require access to your internal database for it to be used to offer feature segmentation via tags or other features. Shortways Assistant is a component added to your application or a browser extension, not an additional add-on.


  • Concerning DAP usage statistics to manage its use: we enable to measure the use of our functionalities, for example, the number of times the step-by-step on the “absence request entry” or “pay slip entry” has been played, but we do not manipulate or collect the business or personal information of the payslips filled in during the step-by-step, we do not have a view of the data concerning the remuneration of employees, nor the consolidation of turnover in the ERP, etc.


  • Concerning the use of the assistant: the usage data collected are anonymized by default, so that only general usage statistics are available, and not filtered by employee using his personal data (filtering by user number and not by email address for example).