Blog Home 9 Case Studies 9 Data Security and Herrmann: What You Need to Know About GDPR, Personal Info, and more

Data Security and Herrmann: What You Need to Know About GDPR, Personal Info, and more

by | May 25, 2018

Share this article

With high profile scandals popping up every day in the news, data privacy is a very hot topic these days. At Herrmann, we’ve always taken a strong stance on data privacy, as we believe transparency on these important topics is vital to maintaining trust. However, with the EU General Data Protection Regulation (GDPR) coming into effect next week, we wanted to take the opportunity to remind you what we at Herrmann do to protect your data, and let you know about our most recent efforts to strengthen our protections for GDPR.

Herrmann has always held the view that Thinkers (recipients of the HBDI® or other Herrmann assessments) should own their data, and thus have always fiercely protected data privacy. We were the first company in our industry to attain Privacy Shield Certification, and see the GDPR as offering us an opportunity to strengthen and reaffirm our position. Whether you live in the European Union or not, as a Thinker we believe you have the right to know how we use your data, to determine who has access to it, and to maintain access to it, or delete it, even if you change jobs or other circumstances. We routinely turn down revenue from companies who wish to use Thinkers’ data in ways that we do not deem consistent with our values.

Our stance has long been consistent with the principles of the GDPR, but over the past months Herrmann has nevertheless put a lot of work into further improving our online operations to more fully comply and in many cases exceed the new standards set forth in the GDPR. If you aren’t familiar with GDPR, it’s a new European privacy law that creates a single data protection framework across the EU. It applies to all companies that handle the personal data of EU citizens, whether or not the company itself is located in the EU. Apart from ensuring that there is a single standard for how businesses collect and process personal data, the GDPR also gives individuals greater control and access to their information.

The most important change we’ve made for the GDPR is in migrating of all of our clients over to our new Axon platform, to take advantage of its increased security standards and improved privacy controls. From day one, we built Axon with privacy and security in mind, and it makes it easier than ever before to put thinkers in control of their data. In some cases, this migration has required a change to the familiar ways of using our systems — which we know can sometimes be uncomfortable! — but these changes help us ensure a higher degree of privacy and security.

Additionally, here are some of the other changes we’ve made to better protect your data:

  • We reduced the number of systems that use personal data to perform functions, and set stricter protocols to delete temporary data once it is no longer needed
  • We created a new tool to help Thinkers answer the question: “Which organizations can see my data?”, which is available through one of our Privacy Administrators
  • We updated the Axon user agreement, Certified Practitioner license agreement, and client master services agreements with additional language on treating Thinker data appropriately and in line with the GDPR

As a result, you’ll probably notice a few new things on our platform, including:

  • We’ve updated our privacy statement that provides information on how  we use any personal data that you provide to us, and made it accessible from any page where we collect personal data. Our privacy policy has been updated and expanded, too!
  • We’ve also written a user’s guide called Your Data for Thinkers who want more specific information on how we treat personal data from Herrmann’s assessments.
  • A new, clearer consent notice and screen to the start of the HBDI® and other assessments. This notice provides even more information specifically about what we do with assessment data.
  • Certain questions have been removed from the survey, like date of birth, phone number, and address, which didn’t add anything to your assessment. All existing stored data for those fields in our system has been deleted.
  • New language around the features that allow you to share your profile results
  • Last but not least, a snazzy new cookie banner on login pages 🍪

As a company, we are committed to staying at the forefront of Thinker privacy protection, and will continue to evolve our approach as technologies, regulations and our clients’ needs change. We’ll keep you updated but, as always, if you have any questions please reach out to us! Our privacy team can be reached at

Share this article