As an administrator of organizations or projects within 360 Feedback Manager, you and your client have responsibilities as the “Data Controller” for the personal data collected or entered by you.
You should make yourself familiar with the data protection laws that apply to the country or countries that you and your participants are operating in. For example, you are required to adhere to the General Data Protection Regulation 2016 (GDPR).
As a baseline, we recommend that you:
- Have clear policies that you share with participants covering:
- How their data will be used
- Who their data will be shared with
- When their data will be deleted
- How they can access, delete and rectify data.
- Ensure you have lawful grounds for collecting data about someone being assessed. For an employee, this is typically covered by their employment contract. If not covered by any contract, you may need to explicitly ask for the consent of the person being assessed.
- Ensure you have lawful grounds for collecting data from the person providing feedback. Again, this can be covered by an existing contract or by explicitly asking for consent.
- Manage your data securely. For example, you should never share your 360 Feedback Manager login details, and you should take care with any data you export to your own device.
- Allow a second administrator access to your 360 Feedback Manager organizations and projects. This is to ensure that another user can support your organization in the event of you leaving the organization, getting sick, going on long-term leave, or otherwise being unavailable when they access is needed.
If we receive a request for data from a participant in a project you have access to (a “data subject request”), we will provide your contact details to the participant so that the participant can contact you directly. It is your responsibility as the Data Controller to then respond to that request. To support you in responding to these requests, 360 Feedback Manager makes it easy to export both feedback reports and individual responses.