Security and trust
in the 360 degree feedback process
in the 360 degree feedback process
Feedback is basically suitable for attacking our self-esteem. Most people do not like to hear criticism. It is obvious that such private information should not get into unauthorised hands. Furthermore, the people who criticise are also worried (in some cases, maybe with good reason). Who can predict how the feedback will be received and what the echo will be?
In the 360° feedback process, the topics of security and trust therefore cover several aspects at once, which we will discuss in more detail in this chapter. For example, it is necessary to determine whether the 360° assessment is basically anonymous and which persons/departments should have access to which data. How long should this data be available? In addition to these process decisions, technical data protection must also be secured so that only authorised persons have access. The European General Data Protection Regulation (GDPR) provides the legal framework for this. This article concludes with psychological considerations, because even if formally everything is done “right”, trust in the instrument may be damaged.
For honest and unfiltered feedback, the anonymity of the feedback providers must be guaranteed. The usual best practice procedure is that feedback should be given voluntarily and anonymously. However, there are risks involved in this procedure: The feedback given under the protection of anonymity could be unfair and destructive because the social responsibility is missing. More about the risks and opportunities of the 360° feedback process can be found in our chapter “360 degree feedback simply explained “.
In purely practical terms, it must be determined at which number of people a feedback provider group may be evaluated. Large groups (>5 people) protect the anonymity of the individual feedback providers because their feedback is absorbed by the masses. But what to do if a manager, for example, only leads two employees. In this case we see two options.
Individual result reports contain personal data, which sometimes have a content that is self-damaging. In order to avoid a tactical handling of the results and to keep the opposition of the feedback recipients as low as possible, it is worth considering to hand over the individual result reports exclusively to the respective feedback recipients. If feedback recipients know that no one but themselves will gain insight into the results, this not only strengthens trust and thus acceptance of the instrument, but in our experience also personal responsibility for personal development.
On the other hand, others can also help and/or build up the necessary social pressure to make behavioural changes more likely. Typically, it is the manager, the HR department, the works council, the coach or other parties directly involved who gain insight into the results. There are also options that are often chosen where, for example, only extracts or summaries of results are revealed. An external coach can most credibly convey that the results will only be used for the benefit and never to the disadvantage of the feedback recipient. If there is any doubt, only this option should be chosen.
However, a mandatory results discussion with your own manager should always take place. It is not necessary to discuss the results in detail, but rather what conclusions the feedback recipient draws from his 360° feedback.
When conducting a 360° feedback, data protection becomes very important. In addition to the persons involved and the company, the legislator also attaches great importance to the secure processing of personal data. To this end, the framework conditions have been tightened in recent years by the European-wide general data protection regulation (GDPR).
According to art. 32 GDPR, providers are obliged to take technical and organisational measures to ensure a level of protection appropriate to the risk. CREWS & CAPTAINS GmbH uses data exclusively within the scope of the 360° feedback survey, handles security-critical data sparingly and makes a variety of efforts to avoid data leaks. Regular penetration tests by an external specialist company check the level of security and lead to a continuous adaptation to the current state of the art.
Legally, the external implementation of a 360 degree feedback requires the conclusion of a contract for commissioned data processing. This contract regulates how the data is handled and who has which rights and obligations. We provide our customers with a ready-made contract on request.
If the technical data protection of a 360° feedback is ideally realised, it is unfortunately difficult for all participants in the feedback process to check or assess it. Particularly when feedback is carried out online, participants cannot estimate what is going on in the background or what data is being stored. Especially the feedback recipients might have doubts. What are promises about how the results will be handled worth if the management decides to read the results reports after all? This is therefore a matter of trust, in other words a subjective feeling. This trust must be strengthened. For example, by having relevant people ” standing up with their name” for the compliance with the promises. This can take the form of a written “declaration of confidence“, for example. Furthermore, if a works council exists, an agreement can be formally concluded with it.