You may have heard a new Data Protection Act is coming into play soon. On the 25th May to be precise, and no, Brexit won’t be abolishing this EU legislation. Nice try though 😉
From speaking to both potential and current customers, it is obvious there is uncertainty about what this all actually means.
It essentially means you no longer own a customer’s personal data. You merely look after it until they choose to exercise their right and request deletion.
First up, let’s establish what personal data is:
“Personal data” means any information relating to an identified or identifiable natural person (“data subject”); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Oh so not much then.
✅ = Pass ❌ = Fail
Do you ask each visitor verbally? Do you write it at the top of the piece of paper? How can you guarantee consent is given? You can’t.
Different visitors may have different requirements. Chances are you’ll need to record different information (personal identifiers) depending on who they are.
This either amounts to pages and pages of visitor logs (and associated risk of data loss) or collecting more data than required and angering the GDPR gods.
Best of luck trying to find all the visitor data recorded in multiple files in multiple offices. Unfortunately, there’s no Cmd + F in an analogue world.
It’s not even worth thinking about the labor cost of that riveting task.
Handwriting. If a visitor’s entry can’t be read, it can’t be accurate. Keeping records up to date isn’t too arduous a task. However, the lucky person responsible for this sure would look fondly at a chronological database.
Hospitality and medical professionals are still battling for the top spot
You’ll need a task management system with advanced scheduling to maintain these deletion schedules, e.g. a task every month to shred logs from a given period.
The data can’t be made anonymous; anyone can read it. How can you ensure the next signer cannot see previous entries? Again, you can’t. (Well, you could with a fresh piece of A4 for each person, but what would the baby seals say?)
They’re not keen on deforestation
The results would leave you asking:
For those unfamiliar with the new penalties, this is the maximum fine for non-compliance (or €20,000,000, whichever is higher)
It all sounds pretty bleak, right? Fear not, we’re here to help.
With the right processes and supporting technology in place, being GDPR compliant come May 25th should be a doddle!
Trail does more than just visitor logs. Our app serves up a daily list of tasks to guide teams through their day. Anything from opening checks, food compliance, incident logging to cashing up. Visit our website to find out more.