You would be forgiven for thinking that GDPR is just industry jargon for flooding your inbox with identikit ‘our privacy policy has changed’ e-mails, but GDPR is a direct replacement for the ‘1995 Data Protection Directive’ and aims to significantly strengthen an individual’s rights surrounding data harvesting including ‘right to erasure’ and provides the regulatory authorities with greater powers to act against businesses which breach GDPR rules with fines up to £20m or 4% of company turnover.
Is my paper sign-in book GDPR compliant?
The short answer is no, but we will look at exactly why paper sign-in books are GDPR non-complaint.
‘“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication.”
GDPR requires you to keep a record that your on-site visitors have agreed to their personal data to be held by your organisation. One major misconception regarding GDPR is that it relates specifically to marketing – GDPR covers all personal data used for any activity.
“The data subject shall have the right to withdraw his or her consent at any time.”
How would you satisfy this regulation with your current paper visitor book? Ripping out pages or crossing out relevant information? I think we can all agree that this is not a process anyone would want to implement into your organisation.
“Data must be kept for no longer than is necessary for the purposes for which the personal data are processed.”
How long do you keep your paper books for? Once the book is full, what do you do with it? Store it in a draw?
“Personal information must be kept confidential with sufficient security and recovery measures in place.”
Is your paper book left out in the open? If someone stole or misplaced this book, could you recover the data stored in it? If your Visitor book goes missing, you will be dealing with a data breach. If your data is stolen, how can you recover it?
What is my alternative to a paper sign-in book?
The alternative is to invest in a Digital Visitor Management Solution. Rapid Technologies recommend Genee Registrar.
Visitor management is the process of tracking every member of staff, visitor or contractor who is in your organisations building at any one time. Let’s look back at the criteria a paper-based system failed on and see how a digital visitor management system stacks up.
“Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication.”
Organisations can insist that all visitors read and agree to their updated privacy terms and conditions before signing in to the building. This ‘splash page’ can also be filled with health and safety information (Fire drill procedures etc) and other safe guarding measures.
“The data subject shall have the right to withdraw his or her consent at any time.”
Digital Systems can allow the administrator to access, view and delete information instantly, without affecting the integrity of the rest of the database.
“Data must be kept for no longer than is necessary for the purposes for which the personal data are processed.”
Digital systems can set pre-defined parameters and guidelines for how long information is deemed relevant, and thus kept, before being deemed no longer relevant and deleted.
“Personal information must be kept confidential with sufficient security and recovery measures in place.”
Personal Information can only be viewed by those provided with administration rights and is not on display to all. All data is stored remotely in the cloud meaning backups can be imported in case of an emergency and protected with the appropriate data security measures.
Clear benefits from a comprehensive visitor management system include;
-
Data Protection – With GDPR at the forefront of everyone’ mind currently, it is important that any visitor information is secured safely and confidentially – traditional paper sign in/out forms are vulnerable to theft.
-
Provide instructions for visitors which they must agree to before signing in. In case of an emergency, it is important to know everyone is accounted for within the building.
-
Staff Notifications – Provide instant notifications via E-mail to staff as soon as visitors sign in. Provide you with a clear audit trail via a traceable, searchable database of everyone who has ever been on site.
-
Remote access to data – fire stewards can access the information via a mobile phone or tablet at the fire assembly point.
Posted By: Jack Wycherley - 05-Sep-2018
