The General Data Protection Regulation (GDPR) was passed by the European Union (EU) in 2016. When it comes into force May 25th, 2018, it will be the largest change in digital data privacy ever made.
The GDPR has been designed to protect the private information of customers throughout the EU and has global implications; any business operating with EU data – regardless of where they are located – must comply.
If a business fails to comply with the regulation they will be fined the greater of 4% of their global revenue or €20m. Other consequences include severe damage to an organisation’s customer relationships and brand image.
So what changes are you going to have to make to ensure you are GDPR compliant?
1. Remove the risk of privacy infringement
If you haven’t already moved from a paper-based sign-in system to a more secure digital visitor management solution, you will need to seriously consider the significant privacy breach risks associated with such an antiquated system. With paper-based sign-in processes, the personal information of every individual is unprotected and can be obtained by anyone with access to the sign-in sheet. This is a clear breach of the GDPR, and the liability to your business associated with this level of risk should not be underestimated.
Sine’s digital visitor management solution ensures that the personal information of each individual can only be accessed by that individual and by the select employees within your organisation who are authorised to do so.
This removes the risk of information theft that paper sign-in methods, with every previous check-in on open display, made so easy.
2. Hire a Data Protection Officer
You should appoint a data protection officer, who will be responsible for implementing and supervising your data protection strategies. These strategies should include auditing and documenting your existing data processes and the ongoing documentation of these processes moving forward.
TIP: Aligning your strategies with the requirements of ISO 27001 will go a long way towards ensuring your GDPR compliance.
Sine provides additional packages for purchase where our team members take the stress out of moving your check-in process to digital. Our highly qualified team members completely set up the entire process, ensuring we dot all the i’s and cross all the t’s, making your transition even easier. Packages and prices are set via evaluation of your needs.
3. Make sure all staff are trained in GDPR compliance
Make sure your staff are well aware of the requirements of the GDPR. If you deal with any UK data, the regulation will impact heavily on most areas of your business, so it’s vital that your team are comprehensively educated before the regulation comes into force. Ongoing training and awareness should also be conducted to ensure the ongoing compliance of your organisation. Sine can help here with both general and role-specific reminders at check-in, so that every time a team member arrives at work, they are prompted to consider their responsibilities in relation to your business and the GDPR.
4. Check your third-party processes for GDPR compliance
You will need to verify the compliance of any third-party data processors and controllers you work with. The GDPR applies to all processors and controllers who:
- offer goods or services to individuals inside the EU, regardless of whether payment is required
- monitor the behaviour of individuals within the EU, including activity analysis or profiling
You should feel completely confident that your marketing, payroll and any cloud partners are GDPR compliant and that you are able to audit their compliance independently if required. This includes your digital visitor management partner.
With a strong compliance culture, we have put in place processes to ensure we meet the requirements of the EU-approved Model Clauses for the transfer of personal data to processors.
This means that you can be sure that when you work with us, you are working with a GDPR compliant product and company.
5. Look after your clients’ rights under the GDPR
You will need to honour an individual’s rights to data portability, to access their own information, and to be forgotten. What this means is that under the GDPR an individual has the right to access any and all personal information you hold about them that they have provided. This information must be provided to them in a structured, commonly used and machine-readable format and they have the right to transmit that data without hindrance. They also have the right to be forgotten, meaning you must have the ability to delete all personal information you hold about them at their request.
With the SinePro mobile app, individuals are able to access, edit and delete their personal profile quickly and easily, without even having to ask.
By the very nature of the app, their profile is portable. This means that, should they wish to receive their information in another format such as in a spreadsheet or document, you have the ability to generate a report containing this information and can provide this to them at their request.
With the activation date fast approaching, it’s important to tie up any loose ends now to ensure your business is completely GDPR compliant. Use our guide and the associated links; consult with experts in the field of data protection; seek advice.
If you are feeling overwhelmed or just want to make life a little easier, talk with us about how Sine’s digital visitor management system can cover off on many of the requirements you need to comply with when it comes to the GDPR, and how quick and easy it is to get it up and running.
With our MDM package, Sine’s software comes already loaded onto iPads when they are sent out to you, making setup a breeze – we even offer packages for account setup to help take some of the strain off.
Furthermore, with MDM, Sine’s software is automatically updated with new releases and updates as they occur, ensuring your business is always on the front foot and at the fore of compliance requirements.