With less than 10 days to General Data Protection Regulations (GDPR) coming into effect in the UK, the way we use, and process personal data is about to be changed (for the better, hopefully).
Personal data, simply put, is any information (in a structured form) that can identify a person. GDPR requires its member states, to ensure that all information that can identify a person is protected under appropriate safeguards. With increased scrutiny on businesses to rethink privacy, and the way we treat information, it is a fairly significant change from Data Protection Act 1998 (DPA) not in what it says about protecting information, but rather, the extent to which you have to protect it, and worsened consequences for noncompliance.
Whereas a data breach costed up to £50,000 under (almost out of date) law, the new GDPR has upped the bar for maximum fine, in that now it’s a whopping €20 million, or 4% of the annual (global) business turnover.
What does that mean for you?
You may have already started working on your GDPR compliance at your businesses. There may even be a project looking at areas of non-compliance. But how much of it is focused on opening cans of worms from under the carpets, than successful implementation of changes in the workplace?
An easy win
Let’s start at the beginning, and look at personal information collected from the doorstep onwards. Do you know how much security your visitor logbook has? Chances are it’s a draconian paper-based log book, including not only visitor’s personal information, but potentially car registrations too, and it is often left by the desk, open, and visible for any passer-by to easily access. And that is only one, among other security risks of having a paper logbook.
DigiGreet is a great alternative (and a quick-win) for changing over from the paper-based logbooks to a digital visitor management system. With technical security features built-in, it is instantly more secure than a paper-based book. Each visitor’s information is treated as confidential, and inaccessible to the next visitor, and can easily delete the data as per retention schedules. More importantly, you can adapt how much information you want to collect from your visitors, and lock it down, to be only accessed within premises.