Online assessments come with plenty of advantages – but plenty of risks, too. Chief among them is data security.

Whenever you administer an online exam you’re going to be collecting sensitive data such as the personal details of candidates, their exam answers and perhaps a video log of their movements during the test.

That means as an online assessment provider, you have an extra responsibility to keep that sensitive data secure and safely away from prying eyes. Here are some of the main data challenges you’ll be faced with.

Data security challenges in online assessments.

Keeping candidate details secure

The first data you’ll be responsible for are the personal details of each candidate. Since they’ll be entering it into your system, you’ll have on file personal details such as name, address, location and company/university/college. Of course, these data depend on both your organisation and the online assessment software you use.

Permission to access the candidate’s webcam

If you’re administering an online exam, it’s likely you’ll need permission to access the webcam of the test-taker – to both verify their identity and monitor their movements during their exam.

It’s vital that the candidate understands they’re giving you permission to access their webcam, and also that the permission will only last as long as the assessment. After it’s finished, the permission must be revoked until it’s granted again. The candidate must be aware of all these things.

A recording of the candidate during the exam

Many pieces of online assessment software will also store a recording of the candidate during the exam. They do this to retroactively monitor behaviour, in case they suspect cheating or candidate substitution. Again, it’s important that you keep this secure, and also that candidates are able to request a copy if required.

A quick guide to GDPR and online assessments.

With the introduction of GDPR, data security has taken on added importance for organisations in recent years. Let’s take a look at what GDPR is, and its relevance to online assessments.

What is GDPR?

GDPR. It’s an acronym you’ve probably come across before, but maybe you’re not quite sure what it means.

Essentially, the GDPR (General Data Protection Regulation) was brought in by the EU in 2018. In its simplest form, it requires that every company collecting data related to people within the European Union must adhere to the GDPR.

3 steps to make sure your online assessment is GDPR-compliant

    1. You’ll firstly have to define a ‘lawful base’, or reason, for collecting that person’s data. It’s quite common for websites to seek the consent of the user as their lawful base, but the processing of data could also be a legal obligation or part of a contract, for example.
    2. You’ll then have to explain your reasoning for your lawful base. In practice, that means you’ll have to explain clearly why you need to collect the data, and why this lawful base applies to the user in question.
    3. After that, you’ll have to conduct what’s known as a Data Protection Impact Assessment (DPIA). It’s here where you lay out things like the scope of your data collection. In your case, you might outline how long you will keep a recording of a candidate for. You should also include details of how a candidate can request a copy of their data.

How Comprobo keeps data secure.

GDPR is only one piece of the data security jigsaw.

At Comprobo, we run online assessments for companies all over the world. Each of our clients have their own needs, with different requirements for data collection and security. For this reason, it’s important to have a clear process of how we store and protect our customer data.

Here are three ways we do that.

We adhere to GDPR rules

We, of course, adhere to the GDPR rules that we set out above. The Comprobo terms and conditions contain the details of how we meet our GDPR requirements, such as the data we will collect, why we need to collect it, how long it will be stored for and how candidates can request a copy of their data.

We store data in a secure, auditable record

Any data that we collect for an online assessment is then stored in a secure, auditable record. In practice, that means it is protected from prying eyes and its security is verified by security professionals.

We Make Data Protection Our Top Priority

We protect your data by performing regular data backups, utilising encryption technology, and implementing strict access controls. This makes it easier for you to comply with GDPR and data security standards, benefiting you by ensuring data privacy, security, and availability.


Data security is a vital component of any online assessment. The needs and challenges differ from company to company, but the key elements stay the same: keeping your data secure, making your data practises transparent and ensuring your data records are accessible to the user.

Keep those three phrases in mind, and you’ll make sure data security never becomes a data challenge.