Guide to creating a survey

 

Several kinds of surveys can be used to collect feedback from members of the personnel.

Starting from the highest confidentiality level, the first kind of survey is the anonymous survey, where no personal data is collected and survey respondents cannot be identified and cannot subsequently identify their own responses.

Next, we have the identifying survey, which involves collecting personal data directly and/or includes responses that enable individuals to be identified.

Lastly, we have the long-term survey, which requires participants to be identified, managed and followed up over a certain period of time.

Given that long-term surveys are rarely used at CERN, they are not covered by the recommendations in this guide.

The advices below are intended to guide you through the process of creating your survey, sending out the invitation to complete the survey and creating a Record of Processing Operations (RoPO).

 

 

 1. Selecting tools/services

 

→ Protect personal data
→ Use tools compliant with personal data management principles
  • What tool will you use to create your survey?

CERN provides internal tools that its personnel can use to create surveys (for details, consult the list of IT tools for surveys).

If you are planning to use a tool that is not yet available at CERN, please contact the Cloud Licence Office (CLO) before using or buying the tool (even if it is freely available), and remember to allow enough time (two to three months) for the services in question to process your request.

A note of caution: The use of a freemium tools (i.e. a tool made available by an external provider - commercial or not - with certain features which are free to use) still requires CERN to establish an agreement with the provider. In general CERN members of the personnel do not have the right to sign Terms of Service or Contracts with providers and start using these tools to process personal data for work related matters. To use an external provider, CERN services must establish an enterprise agreement with adequate data protection measures, which is typically done during the procurement process.

  • Do you need help to select a survey tool?

If you need help to select a tool, please contact CERN’s IT Consulting Service.

  • Are you planning to outsource your survey?

If you would like to outsource your survey to an external supplier, please allow two to three months for a contract to be drawn up and the company’s personal data management practices to be checked. It is recommended that you request an anonymised report of the survey responses and do not ask to see the personal data collected. You can find more information about outsourcing on this website under “Processing by External Entities”.

 

 

 2. Preparing the survey

 

→ Identify your target group
→ Prepare the invitation
  • Did you know that preparing your survey often involves processing personal data?

You are probably targeting a specific audience with your survey and want to invite them to take part in the survey. Don’t forget that this stage already involves processing personal data. For instance, when you:

  • generate a mailing list of the target audience based on information collected from a database, like the the names and e-mail addresses of people who meet your criteria and then ;
  • send an e-mail to the mailing list with the invitation to take part in the survey.
  • Do you need to complete a Record of Processing Operations (RoPO)?

You need to document the processing of the data used to identify the target group through a RoPO and you should refer people to the RoPO in the survey invitation. If you regularly contact the target group as part of your service’s everyday work, this data processing will already be covered by an existing RoPO.

  • What should you include in the RoPO?

Don’t forget to include the selection criteria, as they also count as personal data that you are processing in order to invite people to participate.

For example, if your survey targets staff members in the HR department who will be retiring soon, you would document the following selection criteria: status, department and age.

The document “RoPO template for a survey with an invitation” may help you in the preparation of your survey.

  • What legal basis should you indicate in the RoPO?

This kind of processing is usually conducted as part of the legitimate interests of the service concerned if the target group may expect to be contacted for this survey. For instance:

  • when your service is in charge of managing the activities of the population concerned and the survey is focussed on this aspect (e.g. a customer satisfaction survey);
  • when the individuals supply their contact details in order to be contacted.

If you have any doubts, ask yourself the following question: Would I be surprised to receive the survey invitation? If you answer “no”, it is safe to assume that you have a legitimate interest.

  • How long should the data be retained?

All the data processed in preparing the invitation should be deleted without delay after the invitation has been sent.

  • How do you inform the target group?

In the invitation e-mail, it is important to include a link to the privacy notice (i.e. the RoPO, once it has been published on the Service Portal) and to stress the voluntary nature of the survey.

 

 

 3. Context of the survey

 

Think carefully about your use of personal data
  • Does your survey contain personal data?

This is the case if you are collecting data such as e-mail address, telephone number, IP address, cookies, CERN ID or Person ID.

This is also the case if your survey includes demographic questions where the response will make it possible to identify individuals by a process of deduction, especially if the group targeted by the survey is relatively small.

Wherever possible, it is best to avoid collecting personal data. And if you do have to collect it, only collect what is strictly necessary.

In particular, collecting sensitive personal data, such as data related to health, political views or philosophical positions, is authorised only under very specific conditions. If it is absolutely necessary to collect sensitive data, consider using an external company to generate and analyse the survey results and present them in the form of anonymised reports, without divulging the content of the responses.

By adjusting the survey questions and/or the multiple-choice response options, you may be able to avoid processing personal data. For example, you can use an aggregated approach: instead of asking people’s exact age, opt for age bands like “30-39 years old”.

At the end of the day, you have two possible scenarios:

Scenario 1Anonymous survey:
Individuals cannot be identified in your survey, so you are not processing personal data. This means that you do not need to create an RoPO for the survey, but you may need to do so for the invitation.

Scenario 2Identifying survey:
You are collecting personal data in your survey. You need to complete an RoPO.

You could include the information in the RoPO that you created for the invitation, if relevant, although that risks making the document complicated.

Alternatively, you can create a separate RoPO.

Either way, the collection and processing of data from the survey must be done with the individuals’ consent. You must not keep the data any longer than is required to analyse it. You may be able to anonymise the data.

Don’t forget to include a link to the privacy notice in your survey form.

 

 

 4. Creating the survey

 

→ Inform people
→ Get consent
  • Do you need help to create the survey?

If you need help to create your survey, you can contact your departmental data privacy coordinator (DDPC).

A few recommendations

Recommendation 1: Think carefully about whether you need to collect personal data and why. Don’t include demographic data (e.g. age or nationality) that could ultimately allow an individual to be identified. Only collect the data you really need. If you follow these tips, the RoPO will be easier to complete.

Recommendation 2: Decide on a reasonable data retention period, which should be indicated in the RoPO. Once that period has elapsed, the data can be anonymised and preserved in the form of statistics.

Recommendation 3: Refer to the RoPO in your invitation e-mail or message introducing the survey, and mention that participation in the survey is voluntary. People must give their consent for their personal data to be collected. By responding to the survey, they are giving their consent.

Recommendation 4: People retain ownership of their personal data. They need to be able to ask for it to be deleted or corrected.

 

 

 5. Creating a Records of Processing Operations (RoPO)

 

Use an RoPO where necessary
  • Do you need help to create the RoPO?

If you need help to create a RoPO, you can contact your departmental data privacy coordinator (DDPC).

The “Records of Processing Operations” procedure is available in the Admin e-guide.

The document “RoPO template for a survey with an invitation” may help you in the preparation of your survey.

  • Where can one find some examples?

If you are lacking inspiration, you can have a look into the Layered Privacy Notice and perform a search on the web page (with your browser specific "find on page" functionality) to locate those notices that have the word “survey” in the title.

  • Shall you establish every time a new RoPO for a survey that is carried out recurrently, for instance once per year?

For recurrent surveys, you can either foresee a generic RoPO covering all surveys if the surveys involve the same data processing, or to clone an existing RoPO displayed in the Layered Privacy Notice and adapt it to your needs.

  • Are you obliged to document both invitation and survey into one single RoPO?

If necessary, you can document the preparation of the invitation in a separate RoPO. This step is important if you have preselected your participants based on criteria such as nationality or age in order to target your audience (through use of e-groups or other contact lists). You should set a retention period after which you will delete this list.

  • In the context of an event you are organising, you will present the participants with a survey to measure their satisfaction. Do you need two separate RoPOs, one for the event, another for the survey?

It is possible to group in a same RoPO the organisation of an event and the survey provided that it is clear for the concerned persons what each part relates to and that the different activities are well documented.

  • How can you get a Privacy Notice?

Once published, the RoPO will be converted into a Privacy Notice and will be available on the Service Portal.

It is to be mentioned that, before its publication, a RoPO must be reviewed by the CERN Office of Data Privacy. Should the publication be urgent, you may come back to your DDPC who will be in charge to contact them.

 

A few recommendations

Recommendation 1: Start by mentioning the invitation and the service in charge of the survey.

Recommendation 2: For each demographic question, provide details of the personal data that will be used, stored and shared, and explain the purpose of the question. Group more general questions together. Also provide details of special questions.

Recommendation 3: Indicate what technical information is automatically detected and recorded (e.g. IP address) when the member of the personnel goes to the survey website.

Recommendation 4: If you are using for your survey an IT platform provided by CERN, for instance if the survey is running on SharePoint or hosted on a web site under DRUPAL, don't forget to mention the corresponding service (such as the IT DRUPAL service) in the RoPO under "Who at CERN has access".

Recommendation 5: If you use a non-CERN external supplier, check their personal data management practices (e.g. marketing, analysis, sharing with other suppliers).

Recommendation 6: Set a short retention period for the survey responses, then anonymise the personal data.

 

 

 

 6. Processing the collected data

 

A few recommendations

Recommendation 1: You should anonymise the data at the earliest possible opportunity.

Recommendation 2: The results that you publish should be anonymous unless you have explicit permission to publish people’s responses with their names.

 

 

 7. Walking you through the RoPO process

 

Decision tree for survey RoPOs