It goes without saying that the anonymity, confidentiality and security of data has to be the top priority when conducting online employee surveys. However, it is not enough to simply mention this in communication; the necessary technical and organisational framework must also be established. Aspects like the SSL encryption of data and the technical security of survey servers play a major role in this regard.
In order to ensure compliance with technical and organisational requirements, Rogator’s servers are located on German territory in a DIN2701-certified data centre operated by Noris Network AG. All processes are subject to our own Data Protection and Security Plan, which is monitored by our Data Protection Officer and through our membership of professional market research associations (VMÖ and BVM). We actively ensure data protection and introduce constant improvements, such as by designing GDPR-compliant processes. This allows Rogator to guarantee maximum security and data protection.
Storage location and access
Regulating where data is stored and who has access
It is just as important to determine where data is stored and who has access to it. The company would only be able to use one of its internal servers to carry out employee surveys under certain circumstances. Some members of the workforce may start to suspect that their personal data may be directly viewed by their supervisor in case of doubt.
In the vast majority of cases, it is worth commissioning an external service provider to collect and store survey data, in order to counteract this impression and build trust. It should also be agreed in writing that the client shall not be granted direct access to this data, and that so-called “raw data” – data from individual respondents – shall not be provided if it allows conclusions to be drawn on individuals through the combination of various personal characteristics. Written guarantees of this kind are standard at Rogator.
Separate transmission of access data
Evaluations and reports on employee surveys are delivered to the client online via RogExchange, our secure exchange platform. This is particularly interesting when a large number of files are issued to a significant amount of managers. Rogator solves this problem by sending online access data separately via email. Managers can easily log in to the RogExchange platform and download their reports. Access data may also be sent by letter or over the phone in particularly confidential cases.
Who can read what?
Transparency and commitment from the very beginning
Another essential issue is the transfer of overall evaluations of employee surveys. Rogator clarifies in advance who should gain access to these evaluations or to the reports aimed at specific organisational units. It is particularly worth clarifying the following aspects:
- Should the executive management team be granted access to all reports?
- Should evaluations concerning one particular manager only be delivered directly to them or also to their supervisors?
- Should reports be delivered by the service provider or centrally by the HR department?
- Should reports be delivered in an electronic or printed format?
- Should results / reports be issued as a dashboard solution?
The willingness of data subjects to support a project may ultimately depend on the definition of these aspects. Therefore, there should be transparency and commitment to the planned approach from the very beginning.
Do they know it was me?
The ultimate question
Rogator takes various measures to reliably ensure the anonymity of participants in employee surveys. The challenges are:
- to make sure surveys are not completed by the same person more than once;
- to offer the chance to resume an aborted Survey;
- to associate non-personal data with a survey (e.g. location, department or supervisor of the participant);
- and to still guarantee the anonymity of participants.
Rogator solves these challenges and guarantees anonymity by pseudonymising its survey data.
Protection of survey servers
We secure our servers against unwanted and criminal access
It goes without saying that a company offering services related to online employee surveys should protect its servers against unwanted and criminal access. We maintain a high level of security through our up-to-date security architecture, regular security checks, updates and adequate back-up procedures. Further information is contained in our Data Security and Protection Plan, which you may request if you are interested.
Rogator as the “trustee” of your data
One last important point is the difference check. Rogator does this to ensure that no links can be made to specific groups of people that are smaller than the agreed anonymity threshold, even through the combination of various reports.
Subscribe to our newletter and learn more about employee surveys
Seize the opportunity and sign up for our free newsletter. It provides you regularly with important information around data protection, employee Surveys and much more !