Data Protection: our approach to the GDPR
On 25 May 2018, the General Data Protection Regulation came into force. GPTW would like to describe our approach to protecting your data.
When conducting surveys among employees of an organisation, anonymity and confidentiality are the main prerequisites for those giving honest feedback to their company. Therefore, implementing reliable data protection and data security measures is of crucial importance to Great Place to Work® Institute Italia s.r.l. ( “GPTW”).
Below we present the process GPTW uses to ensure the anonymity and protection of the data of all those who take part in our surveys.
When an employee survey is conducted, the company provides GPTW with contact information. This requires an agreement on the handling of data processing and data security [in accordance with Article 28 of the General Data Protection Regulation (“ GDPR”)]. More specifically, it requires an agreement on data protection between the GPTW and the client.
2. Conducting a Great Place to Work® climate survey among employees
We offer our clients several ways to conduct a survey or poll among their employees. Each company decides which format is the most appropriate for them.
2.1. Online survey by email invitation
When conducting an online survey, there has to be agreement on the handling of data processing and data security between the company administering a Great Place to Work® survey to its employees and GPTW.
Before the start of the survey, the company provides GPTW with the email addresses of the people selected to take part. Optionally, email addresses are linked to information relevant to certain departments. This ensures the results of the survey can be assessed on the basis of departments that work closely together.
GPTW sends an email to employees inviting them to take part in the survey. These emails contain a personal link that takes survey participants directly to the online questionnaire. The company and survey participants should not forward invitation emails to other people in the company or to third parties.
The online questionnaire is processed and the data provided is stored on servers owned by Beyond.pl hosted by The Trust Lab. and located in Poznan, Poland. In accordance with Article 28 of the GDPR, an agreement is in place on the handling of data processing and data security. All online questionnaires are modular and barrier-free for mobile devices.
The website hosting the questionnaire is encrypted. This means responses to the survey are encrypted when sent to the server. Standard 128-bit and high-level 256-bit encryption are supported. These are the same encryption security standards used for online banking. It is practically impossible to intercept or record participants’ responses.
After the survey and before further processing and reporting, the survey data is separated from participants’ personal data (such as name, email address). This procedure ensures that no conclusions can be drawn about participants in relation to their responses.
In all cases, the sending or use of personal data by third parties is strictly prohibited. All personal data is deleted automatically 365 days after the end of the survey. This period can be extended or reduced by agreement.
2.2. Paper questionnaires
About a week before the start of the survey, GPTW sends out the required number of paper questionnaires and printed envelopes.
Paper questionnaires are not personalised, which means they never contain elements that identify the respondent. These questionnaires simply contain the name of the company in print and, if applicable, an additional department and/or line of business and/or country - alongside their corresponding numbers. Therefore, no conclusions can be drawn about individual participants, not even from the numbers and/or QR codes printed on the survey.
Generally, survey documents are distributed to all invited employees with an accompanying letter.
Paper questionnaires will be returned anonymously to GPTW in pre-printed, pre-stamped envelopes provided by GPTW.
Alternatively, paper questionnaires can be collected directly from the client. For this purpose, sealed envelopes are placed in containers or collection boxes provided by the company. In this case, the company is required to follow certain standards to ensure participation in the survey is anonymous and should document its compliance with all aspects of the procedures required by GPTW (e.g. sealing collection boxes, “monitoring” the boxes and return of the questionnaires by trusted persons).
2.3. Online survey using access credentials (username and password)
A survey using access credentials takes place online and does not require an individual email address. Employees invited to take part get access to the survey using an individual access code that can be entered at these web addresses: www.onemanyany.com, www.gptwsurveys.com. However, the client can customise the address that gives access to the survey.
Each employee invited to take part receives a link to the survey and his or her individual access code. These might be received in a sealed envelope or chosen randomly by the person from a box.
Sealed envelopes usually have no code and are not personalised. The address field only contains the name of the company in print and, if applicable, a specific department, industry or country. Therefore, no conclusions can be drawn about individual respondents (not even from the corresponding numbers).
As a general rule, client companies set up collection boxes containing slips bearing a single set of access credentials (one user ID and one password to be entered on the main login page). Participants draw one of these slips randomly, thus ensuring the company is in no way involved in assigning credentials directly to its employees. The survey can be completed at different times at computer stations made available by the company or on personal computers/smartphones.
3. Analysis of the data from the Great Place to Work® survey
The Great Place to Work® climate questionnaire for employees contains:
- Closed questions: evaluation of statements such as “I’m given the resources and tools to do my job”, on the basis of different response options (“almost always true”, “often true”, etc.).
- Open questions: free text fields
- Demographic questions: statements about belonging to certain demographic groups, such as age, gender, etc.
Responding to any of the survey questions is voluntary. The final evaluation and reports are based solely on data collected anonymously (“raw data”) containing no personal data.
Generally, it is possible to match subsequently the responses provided in online surveys to personal data (name, email address) until the personal data is deleted 365 days after the questionnaire is completed. However, this option is only used in exceptional cases (e.g. if required in the evaluation process) and is generally the responsibility of the GPTW Operation Manager. The same applies to surveys using access credentials which require a unique username and password.
No personal data (e.g. name, address, email address) is available for the paper-based survey. Once GPTW receives the paper questionnaires, they are scanned or processed manually under supervision. Data is collected by GPTW or by an external service provider with which an agreement is in place on the handling of data processing and data security. A dataset is generated and used for statistical analysis. Questionnaires are destroyed after 12 months of storage. If the client wishes the original questionnaires to be kept for a longer period – e.g. for follow-up surveys – it must provide a signed request in writing, which GPTW will keep on file.
The results and evaluations of employee surveys are presented in aggregate form only (closed and demographic questions), in the final reports. The results contain no recognisable responses provided by individuals. An aggregation limit is set for this purpose, which is the minimum number of respondents below which no results are displayed. The default limit is five respondents in a given demographic category. Any changes to these evaluation limits can be agreed upon with individual companies, and only as an increase of the above number.
This evaluation limit is also applied if several demographic or organisational characteristics are combined for assessment, such as the results for all men in a certain age group or for all managers in a given business division. To ensure even greater and immediate confidence among respondents, combined demographic characteristics can be omitted entirely from the data analysis.
By default, responses to open questions are reported verbatim, meaning that names or other references are not anonymised, which could lead to the identification of persons in the company. The questionnaire contains a very clear “warning” calling the respondents’ attention to this fact and also informs them not to provide names or describe events in such a way that conclusions might be drawn about other individuals. Clients always have the option of requesting the anonymisation of open questions as an additional service.
Responses to open-ended questions can be grouped by department or demographic category, if at least five people from those departments or demographic groups have taken part in the survey.
Reports are uploaded to the GPTW download portal or emailed to the client company’s project manager. Access to the portal is protected by a username and password. The access credentials to the GPTW download portal will be sent by email, after all the data has been analysed. The link to the download page will be sent in a separate email.
GPTW does not provide the company with any “raw data” to make its own evaluations and thereby circumvent the minimum aggregation limit of five people. If a company wishes to have access to the raw data, the procedure will be governed by a separate agreement and employees must be warned that the client company may view the data of individuals.
Anonymised raw data from the Great Place to Work® employee survey may be used and processed for comparative purposes and in publications by GPTW Italia, partner organisations in the GPTW global network and within research partnerships with universities and other research institutions.
4. Locations, storage times and access rights
Personal data, anonymous survey data (“raw data”) and reports on results are stored at the following locations:
- Servers of GPTW Italia, Milan, Italy, Viale Andrea Doria, 3.
- Servers of The Trust Lab Limited: Beyond.pl Sp. z o.o. ul. A. Kręglewskiego 11 61-248 Poznań (service provider)
Personal data is stored and processed solely in the European Union and, in accordance with the agreement signed with client organisations, is valid for 365 days from when the climate survey is closed.
Unless otherwise agreed between the parties, no personal data relating to climate surveys can be traced after 365 days.
The IT service provider Trust Lab Limited provides the following services to GPTW:
- Hosting of online surveys
- developing and hosting instruments for evaluating survey results and producing findings
- providing our clients with reports of the results via a download portal
The company has had a business relationship with The Trust Lab Limited for over ten years. The collaboration is governed by an agreement on the handling of data processing and data security.
Access to personal data is restricted to personnel in the Operations department and sometimes, for service reasons, to Project Managers. These Operations and Project Managers are authorised by the Data Processor in a written letter under the coordination of the DPO for the management of personal data in relation to data protection and compliance with the GDPR.
GPTW system administrators and certain authorised employees of our service providers, The Trust Lab Limited and Bear Service srl, also have access to this information.
5. IT infrastructure and security standards of Great Place to Work® Italia
- The server is located in Milan, Italy, in the building of GPTW Institute Italia srl.
- Access is restricted to the CEO, IT Manager, System Admin, DPO by keypad with access log
- Infrastructure components, which are mostly redundant, and server systems (with UPS overvoltage protection)
- Multilevel backup concept with logical and spatial separation
- Cloud backup
- Updated centralised AV and patch management
- Hosted systems for collaboration software (Exchange, SharePoint)
- State-of-the-art encryption (data transmission, mobile devices, Wi-Fi, VPN, email)
- Principle of least privilege (authorisation and role concept, separation of system and data)
- Only software supported by the manufacturer is used
- Devices with a valid hardware service provided by the manufacturer (partly for notebooks worldwide)
6. IT infrastructure and security standards of TRUST LAB - ONEMANYANY, Ireland
- The servers are in Poznan, Poland
- The servers are protected by a firewall
- Only authorised administrators have access to the server room
- The Data Controller shares the personal data of its employees via a secure file-sharing platform. GPTW recommends not sharing this personal data via normal email.
- Access to the online survey and results (download) via HTTP or HTTPS
- GPTW project managers only have HTTPS access to questionnaire design and reporting tools
- Survey and test link websites: http://oma0.com, http://www.onemanyany.com , https://www.onemanyany.com
- Website IP address: 188.8.131.52
- Invitation emails are usually sent by: firstname.lastname@example.org from the email server with IP address 184.108.40.206 and 220.127.116.11 (client can customise the sender)
- Usual subject line: Best Workplaces Italia 20XX – Trust Index Survey © (the email subject line can be customised)
- GPTW Italia system administrators and operators can access the server via VPN.
7. The Great Place to Work® Culture Brief™ and Culture Audit™
Information for the Culture Brief™ and the Culture Audit™ is collected on an online platform. For both of these tools, participating organisations provide numerical, quantitative and statistical data and describe their great place to work for all culture, as well as their policies and programmes.
Only the following personal data is relevant to these surveys:
- Functional information: the contact details of the person in the company responsible for completing the Culture Brief™ and the Culture Audit™ (first name, surname, phone number, email address), along with individual data for accessing the platform where the questionnaires are filled in (user ID and password).
- Optionally: the contact details of the person who should be informed if the organisation appears in international rankings (first name, surname, position, email address).
- Optionally: the name of the CEO (or General Manager or other senior figure), their role and gender.
Only GPTW employees have access to the data. The confidentiality of store data is protected at all times.
8. International data transfer
GPTW is a global business. To be able to provide our services, we may need to transfer anonymous or anonymised data between different countries, including the United States, where our headquarters are located. When we transfer data to other countries, we will protect this information in the manner described in this document and assure clients, data controllers, and data subjects that no personal data will be transferred outside Europe. Data transferred to other countries is anonymous or anonymised before it is transferred. The transfer of data is for research purposes and for the publication of the Great Place to Work® Best Workplaces™ international rankings.
9. Appointment of the DPO
The DPO (Data Processor Officer), chosen by Great Place to Work Italia s.r.l. for his extensive experience with GPTW and as a third-party data manager, has the following duties:
a) to inform and advise the data controller or the data processor and employees processing the data about the obligations arising from the GDPR;
b) to monitor compliance with the GDPR, other provisions of the European Union or member states on data protection and the policies of the data controller or the data processor on the protection of personal data, including the allocation of responsibilities, awareness raising and the training of personnel involved in processing, and related monitoring activities;
c) if requested, to provide an opinion concerning the data protection impact assessment and monitor its execution;
d) to cooperate with the supervisory authority and act as a contact for issues relating to the processing of personal data,
e) the erasure of personal data can be requested by writing to the DPO at the following address: email@example.com . The DPO will work to erase all personal references as soon as possible and, in all cases, within the statutory time limit of 30 days from the time of the request.
When performing his duties, the Data Protection Officer takes into due consideration of the risks involved in processing personal data, and takes account of the nature, scope, context and purposes of the processing.
The DPO is Avv. Fabiola Mentasti
Great Place to Work Institute Italia s.r.l.,
Viale Andrea Doria, 20124, Milan
tel. +39 02 36768650