Is your Sign-in Book Breaking the Law?
Can your visitors see who has been in the building before them? Are their personal details on show for everyone to see? This is a GDPR breach and your establishment could face a substantial fine.
Individuals have the right to be informed: When signing in, a visitor should be shown a visitor policy to be informed why the data is needed and how it will be used. If the lawful basis for collecting and processing the data is consent, this must be clearly communicated and cannot be assumed. Your visitor’s consent must be explicably granted. Do you show a separate visitor policy explaining this alongside your sign-in book?
Individuals have right of access: Individuals have the right to view data collected and to obtain confirmation of how it is being processed. If your organisation handles a large number of access requests, you must consider the logistical implications of having to deal with requests efficiently. Is this managed quickly and easily by your sign-in book?
Individuals have the right to rectify and erase data: This is where your sign-in book process can hit a problem. If an individual came back to your establishment six months down the line and requests to be deleted, can you easily find them in your numerous logbooks and delete their movements?
Individuals have the right to data portability: Individuals now have the right to retrieve personal data from companies who have our data stored. Unless your company transfers all visitor data from your sign-in book into an electronic spreadsheet which can be exported, this is where your company could trip up with GDPR.
EntrySign is a Visitor Management System that will not only keep you GDPR compliant, but will make it quicker and easier than ever before to manage your visitors and staff whilst on-site.
Please get in touch and we’d be happy to provide you with a demonstration of this award-winning system: call Verity on 01254 271 333 or email: firstname.lastname@example.org