As part of the General Data Protection Regulation (GDPR), you are seen as the “Data Controller” for any feedback data you collect.

Your responsibilities as the “data controller” includes making sure that:

  • You have lawful grounds for collecting data about someone being assessed

  • You have lawful grounds for collecting data from the person providing feedback.

In both cases, you may have lawful grounds based on existing employment contracts. If this is the case, you do not need to ask for consent.

However, if you do not have a contract that covers this — perhaps because one of the people giving feedback is a customer of yours rather an employee — you will need to ask for consent.

Asking for consent is simple:

  1. You need to let your participants know how you will be using the data. You can achieve this with a short Privacy Policy and we’ve got a great template here.

  2. You need to ask for their consent, which you can do with a checkbox question as shown below:

Where next?

You may also be interested in:

Did this answer your question?