How Peakon Protects Employee Privacy and Keeps Data Confidential

How Peakon Protects Employee Privacy and Keeps Data Confidential

Protecting the data of our customers and their employees is at the heart of everything we do at Peakon. It’s only through maintaining the confidentiality of employees that we’re able to develop the trust needed to collect honest feedback and generate meaningful insights.

We process millions of data points every day and are continuously adding new features that respect the privacy of the employees and help to protect their confidentiality. To explain more about how we work with customers to protect employee data, we turned to our CTO and Co-founder, Christian Holm.

1. What is Peakon’s approach to data protection?

At Peakon, we have a mature approach to data protection and privacy. We’ve thoroughly considered our privacy and security framework that our team has built combined with comprehensive annual audits from external partners. 

As part of our product development process, we hold monthly privacy meetings during which we review our current approach to data protection. We continually assess how new features and technology might impact the security of employee data.

Internally, we have a Data Protection Officer who is responsible for ensuring our technology and processes meet the standards necessary to protect the data of our customers and their employees. We also provide training to all of our employees to ensure that data protection is a collective responsibility within the company.

2. How does Peakon protect the confidentiality of employee data?

All of the feedback and comments provided by employees as part of their survey are collated and conveyed to their employer in an aggregated and confidential form. 

We have over a dozen features to help ensure employee confidentiality. For all companies we enforce minimum data visibility settings to ensure a base level of confidentiality. Beyond that, customers can configure their core confidentiality settings to suit organisational needs.

Our core confidentiality settings, paired with a variety of access controls and dashboard visibility controls, can be adjusted to meet organisational needs and ensure that employee confidentiality is protected regardless of a company’s size or complexity. 

Peakon’s help centre articles include more details about data confidentiality and data aggregation settings, and an overview of confidentiality features and options

3. How does Peakon work with companies to protect employee confidentiality?

The companies we work with range in size from under 100 employees to more than 100,000. Our minimum data visibility settings ensure that employee confidentiality is protected, but the specific settings will change depending on the individual organisation. 

We work together with our customers to ensure that employee confidentiality is preserved, while also providing managers and senior leadership with real-time engagement analytics.

Because every one of our customers has unique requirements, we encourage each of them as Data Controllers to make active decisions in terms of balancing the privacy and usability of their data. 

4. What is Peakon’s policy on revealing the identity of an employee?

We will only reveal the identity of an employee in exceptional circumstances, and where we have a lawful and legitimate basis for doing so. For example, we may consider (based on comments left by an individual or their coworkers) that an employee is experiencing, or at risk of physical, mental or emotional harm (including self-harm) and requires support. There may also be times when we could reveal the identity of an employee to prevent or detect an unlawful act (such as fraud or other criminal act).

Apart from these exceptional circumstances, we don’t provide customers with access to raw employee data (understood as each and every survey response alongside the personal information of the survey recipients) – which helps us to maintain the trust of employees using the platform. For more detailed information please refer to Peakon privacy policy

5. Have you revealed the identity of an employee on the request of employer?

Yes. So far we have had a handful of requests out of nearly 50 million employee responses globally to reveal the confidentiality of an individual. 

We only reveal identity when a request is considered in line with our policy on revealing confidentiality, and refers to a circumstance where the employee in question is experiencing or at risk of physical, mental or emotional harm and requires support. We have an escalation process and approval workflow to ensure that we handle identity requests in a responsive and rigorous way that prioritises the best interests of the respondent.  

All of the requests we’ve received so far have been through this process and considered in line with our internal policies, and in each case they referred to circumstances where the employee in question was experiencing or at risk of physical, mental or emotional harm.

6. Is Peakon GDPR compliant?

Absolutely. All of our subcontractors are GDPR compliant, and we give our customers control over certain functionality in Peakon and the processors that provide it. For example, it’s possible for customers to store employee data purely inside the EEA if they require it.

All of our customer contracts contain GDPR-compliant Data Protection Agreements, which reflect our commitment to meeting the data protection standards outlined by the EU.

Employees also have the right to request that their personal data is removed and deleted from the dashboard. They can also ask to reset their answers and if enabled by the organisation, add, correct or remove attributes within the platform such as age, tenure or gender. 

Since the introduction of GDPR, all new Peakon employees are required to read our data protection policies during their first week of onboarding to make sure that the way our business operates is in line with the latest changes to GDPR. For any other questions about our privacy policy or how we handle your data, please don’t hesitate to refer to our privacy policy, GDPR FAQ, or contacting us at