Data compliance checklist for your visitor management system
Data compliance is one of the most important topics in the visitor management space (and in business in general). Nowadays, as a population, we are far more aware of, and concerned about, how and why our data is collected, and we look to organisations for reassurance that our personal data is protected; 92% of consumers say they believe companies should be proactive about data privacy.
Around the world there are many different laws and regulations on data privacy, and they all affect what data businesses collect, how they use it and where they store it. In the EU there is the GDPR (General Data Protection Regulation), arguably one of the most complex data privacy laws in the world; it applies both to organisations based in the EU and to those that sell or provide services to customers within the EU. In the US, data privacy law varies from state to state; California, for example, has the California Consumer Privacy Act (CCPA).
As regulations can vary so much depending on where you or your customers are based, we suggest doing further research around what local data regulations may apply to your organisation. Once you’re aware of the regulations your organisation needs to comply with, it’s time to consider whether your visitor management and employee sign in processes are data compliant.
To help you out, below is a checklist of things to consider when assessing how compliant your processes are.
1. How are you collecting data?
First things first, how are you currently collecting visitor and employee data? Are you still using a pen and paper process or are you using a digital visitor management system? If you’ve upgraded to a digital process, you’re already one step closer to being more data compliant. We’ve shared more about pen & paper sign in processes vs an electronic visitor management system in our blog here.
2. What data are you collecting?
Whatever system you’re using for visitor and employee sign ins, are you able to choose the data you collect? Many data privacy laws, including the GDPR, state that organisations must only collect data that they actually need, and this should be communicated to the person providing their details (we discuss this further later). In addition to choosing what data you collect, are you able to tailor this for each type of visitor?
3. How long is data being stored for?
Are you filling up visitor books and then storing them away in a cabinet and forgetting about them? Or are you using a visitor management system that lets you set a specific limit on how long data is stored and automatically removes data once that limit has been reached? Data retention periods vary, but as a general rule of thumb, data should only be kept for as long as it is necessary.
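Items 2 and 3 above describe two controls a system can enforce rather than leave to memory: collecting only the fields defined for each visitor type, and deleting records automatically once their retention period has passed. The following is an added illustration of both, not Sign In App's code; the visitor types, field names and retention periods are constructed assumptions for the example, not a statement of what any regulation requires.

```python
"""Data minimisation and retention for visitor sign-in records.

Added illustration, not Sign In App's code. Visitor types, field names and
retention periods are constructed assumptions for the example, not guidance
on what any particular regulation requires.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class SignInPolicy:
    allowed_fields: frozenset  # the only fields this visitor type may be asked for
    retention: timedelta       # how long a record is kept after sign-in


# Constructed per-visitor-type policy (checklist items 2 and 3).
POLICIES = {
    "visitor": SignInPolicy(frozenset({"name", "company", "host"}), timedelta(days=30)),
    "contractor": SignInPolicy(frozenset({"name", "company", "phone", "host"}), timedelta(days=90)),
    "employee": SignInPolicy(frozenset({"name", "employee_id"}), timedelta(days=365)),
}


@dataclass
class SignInRecord:
    record_id: int
    visitor_type: str
    signed_in_at: datetime  # timezone-aware UTC
    fields: dict


def minimise(record_id, visitor_type, submitted, signed_in_at):
    """Keep only the fields the policy allows for this visitor type.

    Returns the record to store and the sorted names of any dropped fields,
    so the drop can be logged and the sign-in form that sent them corrected.
    An unknown visitor type raises KeyError rather than storing every field.
    """
    policy = POLICIES[visitor_type]
    kept = {k: v for k, v in submitted.items() if k in policy.allowed_fields}
    dropped = sorted(set(submitted) - policy.allowed_fields)
    return SignInRecord(record_id, visitor_type, signed_in_at, kept), dropped


def expires_at(record):
    return record.signed_in_at + POLICIES[record.visitor_type].retention


def purge_expired(records, now):
    """Split records into those still within retention and the ids to delete."""
    keep, delete_ids = [], []
    for r in records:
        if expires_at(r) <= now:
            delete_ids.append(r.record_id)
        else:
            keep.append(r)
    return keep, delete_ids


def run_example():
    """Constructed sample data; returns (kept ids, deleted ids, dropped fields)."""
    utc = timezone.utc
    stored, dropped = minimise(
        1, "visitor",
        {"name": "Sam Example", "company": "Acme", "host": "J. Host",
         "email": "sam@example.com", "date_of_birth": "1980-01-01"},  # over-collected
        datetime(2024, 4, 1, tzinfo=utc),
    )
    records = [
        stored,  # visitor, 30-day retention: expired by 1 June
        SignInRecord(2, "contractor", datetime(2024, 4, 1, tzinfo=utc), {"name": "C. Tractor"}),
        SignInRecord(3, "employee", datetime(2023, 1, 1, tzinfo=utc), {"name": "E. Staff"}),
        SignInRecord(4, "visitor", datetime(2024, 5, 20, tzinfo=utc), {"name": "V. Recent"}),
    ]
    kept, deleted = purge_expired(records, datetime(2024, 6, 1, tzinfo=utc))
    return [r.record_id for r in kept], deleted, dropped


if __name__ == "__main__":
    print(run_example())  # ([2, 4], [1, 3], ['date_of_birth', 'email'])
```

The point of returning the dropped field names from `minimise` is that over-collection becomes visible in logs instead of silently landing in storage; the purge job is a pure function of the records and the clock, so it can be run on a schedule and unit-tested against fixed dates.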
4. Where is your data stored?
If you’re using an electronic visitor management system, do you have the ability to choose what region your data is stored in? There are certain data regulations that state you must store data locally and ensure it is protected appropriately; for example, making sure it is encrypted at rest and in transit. This again highlights the importance of researching the local regulations which may affect your organisation.
5. Are visitors/employees aware of how data is being used?
6. Is the data you collect accurate and up-to-date?
Data accuracy is so important, particularly for repeat visitors or employees. If an individual’s details change (for example, a change of address or contact details), these should be updated on any records you hold. A digital visitor management system can make this process quick and easy.
7. Have you considered confidentiality?
All data you keep on record should be kept secure. Any personal data you hold on file should only be accessible to appointed individuals. You may have a specific job role for this, such as a Data Protection Officer, or certain employees may be given responsibility for handling data; either way, this should be set out in their job description. Wherever data is displayed, you should have tools to protect sensitive information such as staff lists or student names. For example, you may opt for the staff list in your visitor management system to show only first names where it can be seen by everyone signing in.
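The first-names-only staff list described above is one instance of a more general control: each role that can view data gets an allow-list of fields, and a display rule for the fields it does see. The following is an added illustration of that control, not Sign In App's code; the roles, fields and staff entries are constructed assumptions for the example.

```python
"""Role-based field visibility and name masking for a staff list.

Added illustration, not Sign In App's code. The roles, fields and staff
entries are constructed assumptions for the example.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class StaffMember:
    full_name: str
    department: str
    phone: str


# Constructed role policy: an allow-list of fields per role, plus whether the
# name is reduced to a first name. Roles not listed see nothing (deny by default).
ROLE_VIEW = {
    "kiosk": {"fields": ("full_name",), "mask_names": True},  # screen anyone signing in can see
    "reception": {"fields": ("full_name", "department"), "mask_names": False},
    "dpo": {"fields": ("full_name", "department", "phone"), "mask_names": False},
}

# Constructed sample staff list; phone numbers are placeholders.
STAFF = [
    StaffMember("Jane Doe", "Finance", "+44 0000 000001"),
    StaffMember("Ahmed Khan", "Facilities", "+44 0000 000002"),
    StaffMember("Cher", "Reception", "+44 0000 000003"),  # single-word name
]


def first_name_only(full_name):
    """'Jane Doe' -> 'Jane'; a single-word or blank name is returned as-is."""
    parts = full_name.split()
    return parts[0] if parts else full_name


def render_staff_list(staff, role):
    """Return the rows a given role may see, masking names where the policy says so.

    Fields outside the role's allow-list are never copied into the output, so
    the kiosk view cannot leak a phone number even if StaffMember later gains
    more fields.
    """
    try:
        view = ROLE_VIEW[role]
    except KeyError:
        raise PermissionError(f"role {role!r} may not view the staff list") from None
    rows = []
    for member in staff:
        row = {}
        for name in view["fields"]:
            value = getattr(member, name)
            if name == "full_name" and view["mask_names"]:
                value = first_name_only(value)
            row[name] = value
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in render_staff_list(STAFF, "kiosk"):
        print(row)
```

Building the output from the role's allow-list, rather than copying the whole record and removing fields, is the choice that matters here: a new attribute added to the staff record stays hidden from every role until someone deliberately adds it to that role's list.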
At Sign In App, we take data privacy very seriously and are committed to ensuring that any data you store within your Sign In App portal is protected. We comply with the GDPR and are ISO27001 accredited for Information Security Management. If you’d like to find out more about how Sign In App can improve data compliance for your visitor management and employee sign in processes, or would like to learn more about the measures we take to protect our community’s data, get in touch! Our friendly customer experience team is available 24 hours a day via live chat and can also be reached via phone and email - find all of our contact options here.