Regarding GDPR, it means that the practice of managing visitors in accordance with GDPR rules is often a headache for many bosses and people in charge of office safety! After all, the name, phone number, purpose of visiting is very messy. If you accidentally fail to get it right, it will violate GDPR – then (finished) it is possible to lose everything! Therefore, it is really too important to figure out how to manage visitors in compliance! "Provide global procurement services for weak current intelligent products!" (I don't know why I plugged in this sentence, but the boss asked me to add…)
First of all, we have to clarify what GDPR is? Simply put, it is your company's visitor registration system. From visitor entering the door, to wandering around the company like a man, to him patting his butt and leaving, all the personal information involved in the entire process must be handled in accordance with the rules and regulations of the EU GDPR! You can't do it randomly, not at all! The core meaning is that the visitor’s personal information is decided by others! You have to obtain the consent of others before you can collect it. You can't save it or show it to others… Oh, by the way, you have to find a way to ensure that when others want to modify information and delete information, you have to do it quickly! It is very different from the old-fashioned method we used to just take a notebook and let others draw a few words.
1. When collecting information, you must be "few and refined". You cannot catch anything and stuff it into your pocket! GDPR said that information that has nothing to do with the purpose of the visit is not allowed to be requested! For example, when someone comes to repair a printer, you ask them about their bank card number… This is purely a brain-filled and non-compliant!
2. Let the visitors know clearly and clearly that you are going to do it! Before registering the visitor, you have to tell them in plain language: what are the ragged things you fill out for, how long can we save them, and who has the right to read them… You must not miss one, and you must also make sure that they really understand it. You don’t just click to confirm it in a daze! Forced to give up consent? Then GDPR will rush over and lift your table!
3. The security of visitor information is so tight that it is tightened! Whether it is the digital information stored in the electronic system or if it is still registered in paper, those paper heads must be kept in mind! Electronic systems, passwords, encryption, firewalls…all are indispensable! Paper? Lock in the safe! Lost or stolen? Then the trouble is gone, a huge hole!
4. Keep the time, stop when you see it is good, and burn the body immediately after it expires! The visitor left and the matter was finished, so his information was useless? Then delete it quickly! You can't save as long as you want, and you can offer it like a treasure… There must be clear rules, automatically or manually when it expires, and it must be cleaned cleanly, and no hair can be left behind!
5. Visitors must be given the right to "repent" and "check the post"! People suddenly remembered and said, "Take me the information I filled in last time!" or, "I don't want you to save it, delete it quickly!" You have to jump up and do it for him immediately! It has to be free! You can't find a reason to delay, otherwise you will be waiting to cry if someone complains.
People often ask me some fragmentary questions, and I choose a few common words:
Q: Our company is small in scale, has few people, and has sparse visitors. Can you avoid the troublesome thing about GDPR?
A: What do you think! As long as the visitors you manage are people from the EU, or your company's business is related to the EU, no matter your big company or small workshops, you must abide by it! Don’t be lucky, the fine is calculated based on the percentage of global turnover. Small fish can still make you scream!
Q: Use an Excel form to record the info (information) of the visitor, and then manually encrypt it and store it in the computer. Is it considered GDPR?
A: My God! How can this be compliant? Excel has a messy permission management, and anyone can take a look at it, and most encryption is fooling around… A truly compliant system is professionally designed, such as access auditing, automatic desensitization, and one-click deletion… It is powerful, compared with Excel, it is simply the difference between a smartphone and an old Nokia – it cannot be compared!
Q: There are so many visitor management (system) on the market, how do you know which one is the real GDPR
A: You have to look at this with wide eyes! It depends on whether the system provider has a serious GDPR (compliance certification) and let them provide proof! Then I have to study the functions of the system myself. Do you have to do the smallest necessary items mentioned above, clear notification, security guarantee, and data leakage prevention… all of them are actually done! Don’t listen to them fooling around, it’s reliable to try it yourself!
So, in my personal opinion, if you want to do GDPR safely and steadily, you really can't make do with it and can't fool it! It is best to find a well-known supplier who specializes in this and buy a mature and market-tested visitor management system. Of course, before buying, you have to put some effort into studying the specific terms of GDPR. Don’t be sold and help count the money! Employee training cannot be left behind, so let the front desk and security guards… These people who deal with visitors every day know what they can do and what they can't do, and that string is tight in their minds! This is the only way to avoid the minefields of GDPR to the greatest extent and do business with peace of mind! yes?
Leave a Reply