Before 25th May 2018, many if not all organisations were busy making sure all of their critical business operations were GDPR compliant. From email marketing databases to HR systems, processes and procedures were put in place to ensure personal data was not being kept without permission and that the 'right to be forgotten' could be exercised.
That deadline has been and gone and GDPR is in now full force, but many businesses have still overlooked something critical which sits right at the front door. Visitor and staff management books are evident in most businesses, including offices, hospitals, schools and care homes. These books are not only essential for time management, but also keep track of who is in the building at any time for health and safety and safeguarding purposes.
Visitor management as a business priority
And yet, turning digital when it comes to visitor or staff management isn't deemed a high business priority. But should it be? The simple fact is that having this information full names, car registrations, job titles, email addresses readily available to anyone passing is not GDPR compliant, and businesses are taking an unnecessary risk by having it on display. With strict regulations in place regarding what data businesses can obtain and store and for how long, having a historical record of names, contact details and guest preferences at your fingertips is just no longer viable. Take it out of the 'office environment' context and think about care homes or schools and the issue only becomes more critical. In these environments, an even higher level of identifiability is required as the information held is more sensitive.
Critically, what happens if that data sitting on your unmanned reception desk ends up in the wrong hands? What it comes down to is that, with the GDPR now in motion, businesses can no longer ignore what sits at their front door. If offices, schools, care homes and doctors' surgeries still continue to utilise the traditional book and pen, we all know what fines they'll face.
So, how can any organisation, business, facility or institution effectively provide a seamless and detailed sign in process for visitors and staff whilst also being GDPR compliant?
What many businesses are unaware of, is that GDPR can be tackled with innovative, flexible technology, which at the same time provides a seamless visitor experience. There are now smart solutions to streamline the sign in process with GDPR readiness already built in, for example; the ability to delete visitor sign-in information immediately after that person signs out of the building, so there's really no excuse for non-compliance.
Staff safety
Furthermore, the traditional pen and paper sign in book also potentially poses a significant physical security risk, especially for public-facing environments such as care homes or hospitals, where the general public has immediate visibility of who is on site that day just by glancing at the paperwork or white board at reception. For example, a disgruntled patient could freely enter a hospital and quickly see that the member of staff they want to confront has signed in, and subsequently attempt to track them down. However, instead of displaying private data at reception for the world to see, with a digital solution that hides the status of staff behind a PIN-protected lock screen this potentially dangerous situation could be avoided.
Conclusion
We know that organisations can no longer bury their heads in the sand when it comes to GDPR; the ICO will find out, and an example will be made. It's time to bring visitor experience and staff management in line with the technology available, mitigate unnecessary business and safety risks and adopt a flexible approach to privacy.