Is my paper sign-in book GDPR compliant?
The short answer is no, but we will look at exactly why paper sign-in books are GDPR non-complaint.
GDPR requires you to keep a record that your on-site visitors have agreed to their personal data to be held by your organisation. One major misconception regarding GDPR is that it relates specifically to marketing – GDPR covers all personal data used for any activity.
How would you satisfy this regulation with your current paper visitor book? Ripping out pages or crossing out relevant information? I think we can all agree that this is not a process anyone would want to implement into your organisation.
How long do you keep your paper books for? Once the book is full, what do you do with it? Store it in a draw?
Is your paper book left out in the open? If someone stole or misplaced this book, could you recover the data stored in it? If your Visitor book goes missing, you will be dealing with a data breach. If your data is stolen, how can you recover it?
What is my alternative to a paper sign-in book?
The alternative is to invest in a Digital Visitor Management Solution. Rapid Technologies recommend Genee Registrar.
Visitor management is the process of tracking every member of staff, visitor or contractor who is in your organisations building at any one time. Let’s look back at the criteria a paper-based system failed on and see how a digital visitor management system stacks up.
Organisations can insist that all visitors read and agree to their updated privacy terms and conditions before signing in to the building. This ‘splash page’ can also be filled with health and safety information (Fire drill procedures etc) and other safe guarding measures.
Digital Systems can allow the administrator to access, view and delete information instantly, without affecting the integrity of the rest of the database.
Digital systems can set pre-defined parameters and guidelines for how long information is deemed relevant, and thus kept, before being deemed no longer relevant and deleted.
Personal Information can only be viewed by those provided with administration rights and is not on display to all. All data is stored remotely in the cloud meaning backups can be imported in case of an emergency and protected with the appropriate data security measures.
Clear benefits from a comprehensive visitor management system include;
Data Protection – With GDPR at the forefront of everyone’ mind currently, it is important that any visitor information is secured safely and confidentially – traditional paper sign in/out forms are vulnerable to theft.
Provide instructions for visitors which they must agree to before signing in. In case of an emergency, it is important to know everyone is accounted for within the building.
Staff Notifications – Provide instant notifications via E-mail to staff as soon as visitors sign in. Provide you with a clear audit trail via a traceable, searchable database of everyone who has ever been on site.
Remote access to data – fire stewards can access the information via a mobile phone or tablet at the fire assembly point.