With the deadline for GDPR compliance fast approaching, many firms have begun to take steps to adopt a privacy by design and default approach to process management, however, an often overlooked risk is that of Visitor Management.
To secure your organisation visitor data is captured upon arrival to allow full visibility of those within your facility but have you considered the implications of this data capture on GDPR compliance? To help you get prepared for May 2018 we will be sharing some key compliance pointers in our mini blog series on GDPR with a handy downloadable guide available here!
To kick off our series we are taking a look at Article 5 (1) (c) of this new legislation;
Personal data must be adequate, relevant and limited to what is necessary in relation to the purpose for which they are processed
What this means for Visitor Management:
Under this new legislation, organisations must only seek to capture information that is absolutely essential for the purpose for which it is captured. In this case, only information essential to the safe and efficient processing of visitors should be captured. When considering the data you wish to capture at check-in ask yourself 'is this data essential for security or visitor management purposes" if the answer is no, remove this question from the check-in process.
For enterprise-scale organisations that process thousands of visitors per month what is relevant for one visitor may be deemed excessive for another. Take for example a food production plant, it may be necessary to conduct basic health screening for any visitors requiring access to the production plant, however for an interviewee requiring only access to an office space only, this health screening could be deemed excessive as they will not come into contact with any production zones. To overcome this challenge seek a visitor solution that offers flexibility in terms of visitor workflows, enabling your organisation to tailor data capture screens presented to match visitor profiles.
Find out more: